Malicious certificate issuance to my domain

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Greetings.
I've noticed that 6 certificates were issued to my domain in the past 2 days, without me doing so.
I'm not sure why, and I don't know what to do about it.

Domain Validated certificates (like Let's Encrypt provides) are issued on the basis of control, not ownership. It's very likely that your domain registrar, DNS provider, CDN, Web Application Firewall provider, hosting provider, or site designer had the certificate issued. Many such providers automatically request Let's Encrypt certificates on their customers' behalf.

Our documentation provides more details about how we validate control of domains:

If you wish to revoke a certificate, here are instructions:

If you wish to exercise more control over validation, we recommend adding CAA records:

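An added example, not part of the original thread and not Let's Encrypt's own code: a small evaluator for the CAA check recommended in the reply above, following RFC 8659 (tree climbing, `issue` vs. `issuewild`, the critical flag) plus the RFC 8657 `accounturi` parameter. It works on a constructed zone instead of live DNS and skips CNAME handling; `example.com`, `ca.example.net` and the account URI are placeholders.

```python
# Added example: CAA evaluation (RFC 8659) over a constructed zone; no DNS queries.
# All names, the account URI and "ca.example.net" are placeholders.
KNOWN_TAGS = {"issue", "issuewild", "iodef"}

ZONE = {  # owner name -> CAA records as (flags, tag, value)
    "example.com": [
        (0, "issue", "letsencrypt.org; accounturi=https://acme.example/acct/1"),
        (0, "issuewild", ";"),
        (0, "iodef", "mailto:security@example.com"),
    ],
    "shop.example.com": [(0, "issue", "ca.example.net")],
}

def relevant_rrset(zone, name):
    """Climb from the name toward the root; the first non-empty CAA set applies."""
    labels = name.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        rrset = zone.get(".".join(labels[i:]))
        if rrset:
            return rrset
    return []

def parse_value(value):
    """Split 'ca-domain; key=value; ...' into (ca_domain, params)."""
    parts = [p.strip() for p in value.split(";")]
    params = dict(p.split("=", 1) for p in parts[1:] if "=" in p)
    return parts[0].lower(), params

def may_issue(zone, name, ca_domain, account_uri=None):
    wildcard = name.startswith("*.")
    rrset = relevant_rrset(zone, name[2:] if wildcard else name)
    # An unrecognised tag with the critical bit (128) set forbids issuance.
    if any(flags & 128 and tag.lower() not in KNOWN_TAGS for flags, tag, _ in rrset):
        return False
    issue = [v for _, t, v in rrset if t.lower() == "issue"]
    wild = [v for _, t, v in rrset if t.lower() == "issuewild"]
    # issuewild, when present, replaces issue for wildcard names and is
    # ignored for everything else.
    relevant = wild if (wildcard and wild) else issue
    if not relevant:
        return True  # nothing restricts issuance for this name
    for value in relevant:
        domain, params = parse_value(value)
        if domain != ca_domain:
            continue
        if "accounturi" in params and params["accounturi"] != account_uri:
            continue  # record is bound to a different ACME account
        return True
    return False
```

A plain `issue "letsencrypt.org"` record still authorizes any party with control of the domain who requests through Let's Encrypt; binding the record to one account with `accounturi` is what narrows that.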