Received a Let's Encrypt certificate expiration notice for a domain I did not create

There seems to be something wrong with the records @letsencrypt. I am receiving expiration notices for a domain I do not own or know. Who can I contact to correct this?

copy of mail:

Hello,

Your certificate (or certificates) for the names listed below will expire in 0 days (on 12 May 16 21:13 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

www.benharesign.co.uk

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can’t provide support by email.

If you are receiving this email in error, unsubscribe at XXXXX. (HTTP link, we know. We’re working on it!)

Regards,
The Let’s Encrypt Team

Are you using plesk ? There is a known bug related to that

Is that domain on the same server as you ?

1 Like

No the site is not on same server. I only use letsencrypt on my own VPS-es which do not use plesk but plain commandline letsencrypt.

A traceroute to the site above places it somewhere in Paris where I do not host sites so I have no clue how this could have been mixed up.

Maybe just a typo on the domain owner’s part, who happens to have a similar address? I’ve seen that a couple of times with common mail providers (i.e. @gmail.com). Of course the odds of both recipients being Let’s Encrypt users are astronomical … but then again, we’re at >3M certificates, so who knows. :smile:

Also not the case, I am receiving this on my personal domain. Is it possible to get reminders on emails without verifying the address? If so he could have typed it in on purpose but I doubt it since I am not in the uk and don’t know the domain or person behind it.

That leaves us with only two possible explanations: Either the person behind the domain entered your address on purpose (as you mentioned), or this is a bug (which I personally think is unlikely given that there haven’t been any other reports of this happening). Just to clarify: Have you used that email address as a contact option for any Let’s Encrypt certificates in the past, or is it not connected to Let’s Encrypt at all? If that’s the case, I think we can rule out the bug scenario as well.

Let’s Encrypt doesn’t use Double opt-in for account emails, so the first explanation seems likely.

I use that email as contact for all my certificates. To me it seems extremely unlikely a random person would use my email.

I just tweeted @benharesign lets see what he has to say.

Ok just got a reply from @benharesign. He has no idea so it really seems to me that this is a bug in the letsencrypt system somewhere. It doesn’t bother though me since the certificate has expired and I no longer receive notifications for this.