My account and website were stolen

Good afternoon.

I will try to explain.

  1. Previously, the mail pr@bixbit.io had an account in your service.

  2. Egor Punko - former employee of bixbit.io

  3. A former employee of Yegor Punko stole bixbit.tech from bixbit.io

  4. Please stop issuing certificates and do not cooperate with Egor Punko.

  5. We learned about the existence of an account in your service because we received a newsletter from you at pr@bixbit

Can you help us recover the old account that belonged to: pr@bixbit?

Hi, @Bixbitpr,

Let's Encrypt registrations (that's our term for them) work differently than accounts with most other services. In order to use or change an existing registration, you need to have its private encryption key. (This is separate from your certificates' private keys.) The email address on a registration is used only for notifications, not as access control or proof of ownership.

The only things that a hostile former employee could do with a Let's Encrypt registration are:

  • Revoke existing certificates that were requested using that registration.

You can mitigate this by using a new registration to request new certificates early, and switching to those new certificates.

This could only happen for a maximum of 30 days, and isn't likely to be useful for them. We recommend monitoring Certificate Transparency logs if you're concerned. You could also temporarily add CAA records to prevent issuance.

7 Likes
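The CAA suggestion in the reply above, as an added example (not part of the original post and not Let's Encrypt's code): a simplified RFC 8659 check showing how a CA decides whether CAA records permit issuance. The zone data and the names `example.com` and `other-ca.example` are constructed, and the critical flag is not handled.

```python
# Added example: simplified RFC 8659 CAA evaluation over constructed records.
# No DNS lookups are made; the critical flag and CNAME handling are omitted.

# Constructed sample data: domain name -> list of (tag, value) CAA records.
SAMPLE_ZONE = {
    "example.com": [("issue", "letsencrypt.org"), ("issuewild", ";")],
    "locked.example.com": [("issue", ";")],
}


def relevant_rrset(fqdn, zone):
    """Climb from fqdn toward the root; the first name with CAA records wins."""
    labels = fqdn.lower().rstrip(".").split(".")
    if labels[0] == "*":  # a wildcard is evaluated at the name below the "*"
        labels = labels[1:]
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if zone.get(name):
            return zone[name]
    return []


def issuer_domain(value):
    """Drop parameters (after ';') and whitespace from an issue/issuewild value."""
    return value.split(";", 1)[0].strip().lower()


def may_issue(fqdn, ca_domain, zone):
    """Return True if the CA identified by ca_domain may issue for fqdn."""
    rrset = relevant_rrset(fqdn, zone)
    issue = [v for t, v in rrset if t.lower() == "issue"]
    issuewild = [v for t, v in rrset if t.lower() == "issuewild"]
    # For wildcard requests, issuewild replaces issue when it is present.
    props = issuewild if (fqdn.startswith("*.") and issuewild) else issue
    if not props:
        return True  # no issue/issuewild property: CAA imposes no restriction
    # A value of ";" yields an empty issuer name, which matches no CA.
    return ca_domain.lower() in {issuer_domain(v) for v in props}


if __name__ == "__main__":
    for name in ("www.example.com", "*.example.com", "locked.example.com"):
        print(name, may_issue(name, "letsencrypt.org", SAMPLE_ZONE))
```

A record set such as the one on `locked.example.com` is the temporary "prevent issuance" setting: it blocks every CA, including the one you normally use, until it is removed.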

Adding on to James' comment ... Your website is currently managed by Cloudflare. You should check any account there.

You may be using Let's Encrypt certs for your Origin Server for HTTPS connections between your server and Cloudflare. Or, other subdomains. But, clients connecting to your bixbit.io site see a cert from Cloudflare.

```
openssl s_client -connect bixbit.io:443 -servername bixbit.io

Certificate chain
 0 s:/C=US/ST=California/L=San Francisco/O=Cloudflare, Inc./CN=sni.cloudflaressl.com
   i:/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
 1 s:/C=US/O=Cloudflare, Inc./CN=Cloudflare Inc ECC CA-3
   i:/C=IE/O=Baltimore/OU=CyberTrust/CN=Baltimore CyberTrust Root
```

9 Likes

You probably misunderstood me.

Bixbit.io is doing well. This is the original site of the company.

You have access to the bixbit.tech website
This is a fake company website. It was made by a former dishonest employee.

We ask for it off (bixbit.tech/bxb.to) from letsencrypt services.

Let's Encrypt will issue certificates for any websites unless prohibited by law or the request of the domain owner / operator.

Only the owner of bixbit.tech/bxb.to can determine what is or is not issued for those domains.

If you have concerns about the content of those domains, Let's Encrypt is not the correct place to take up the matter. You should work with the registrar or hosting provider. There are also various legal avenues.

7 Likes

Can you suggest what other legal options exist?

If this is a trademark or IP dispute, you can go through ICANN's uniform domain name resolution policy:

https://www.icann.org/resources/pages/help/dndr/udrp-en

10 Likes