Received a Let's Encrypt certificate expiration notice for a domain I did not create


#1

There seems to be something wrong with the records @letsencrypt. I am receiving expiration notices for a domain I do not own or know. Who can I contact to correct this?

copy of mail:

Hello,

Your certificate (or certificates) for the names listed below will expire in 0 days (on 12 May 16 21:13 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

www.benharesign.co.uk

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can’t provide support by email.

If you are receiving this email in error, unsubscribe at XXXXX. (HTTP link, we know. We’re working on it!)

Regards,
The Let’s Encrypt Team


#2

Are you using plesk ? There is a known bug related to that

Is that domain on the same server as you ?


#3

No the site is not on same server. I only use letsencrypt on my own VPS-es which do not use plesk but plain commandline letsencrypt.

A traceroute to the site above places it somewhere in Paris where I do not host sites so I have no clue how this could have been mixed up.


#4

Maybe just a typo on the domain owner’s part, who happens to have a similar address? I’ve seen that a couple of times with common mail providers (i.e. @gmail.com). Of course the odds of both recipients being Let’s Encrypt users are astronomical … but then again, we’re at >3M certificates, so who knows. :smile:


#5

Also not the case, I am receiving this on my personal domain. Is it possible to get reminders on emails without verifying the address? If so he could have typed it in on purpose but I doubt it since I am not in the uk and don’t know the domain or person behind it.


#6

That leaves us with only two possible explanations: Either the person behind the domain entered your address on purpose (as you mentioned), or this is a bug (which I personally think is unlikely given that there haven’t been any other reports of this happening). Just to clarify: Have you used that email address as a contact option for any Let’s Encrypt certificates in the past, or is it not connected to Let’s Encrypt at all? If that’s the case, I think we can rule out the bug scenario as well.

Let’s Encrypt doesn’t use Double opt-in for account emails, so the first explanation seems likely.


#7

I use that email as contact for all my certificates. To me it seems extremely unlikely a random person would use my email.

I just tweeted @benharesign lets see what he has to say.


#8

Ok just got a reply from @benharesign. He has no idea so it really seems to me that this is a bug in the letsencrypt system somewhere. It doesn’t bother though me since the certificate has expired and I no longer receive notifications for this.