How can i reclaim certificates that was released under my email?
There is a re... very bad person, who's using my email (from bash history) to create LE certificates, and every month i'm getting tons of emails abotu domains expiration.
Is there an url to reclaim all this certificates and f--- this ahole? Or i should start reporting LE for spam in every blacklist?
To be honest, i've already seen over 300 domains with "expiry notification" (and i didn't registered this domains with my own hands) which is HIDING domains that i really need to track.
Please compare the IP addresses resolved for those other names.
If they match your IP (or an IP your site has previously used), it might explain what is going on here.
Understand that a certificate must first be issued before it can trigger an expiry email (70+ days later).
I doubt any spammer would create one cert (wait 70+ days) for the sole reason to have LE send you an email per each cert they can create.
[so the "abuse" might be unintentional - misconfiguration]
If the IPs don't match, are they all the same IP (or near to the same IP)?
If so, then you might want to communicate with the Hosting Service Provider (HSP) that operates those IPs.
If not, (which I can't imagine) there might be a high hosting turnover and most of those sites have moved to other HSPs and you need to retrace your HSP involvement to figure out where the common link is (between all those names and your email address).
OR
You could reissue your certs to an alternate (unpublished) email address.
And click any one of the unsubscribe links to remove your troubled email address from all emails for one year.
General problem: anyone can provide your email and you will get spam from "official" provider(in this case LE).
My problem: i do some server-stuff jobs, and another person who had access to server took a copy of certbot's certificate creation cli command, and now using it (WITH my email) to setup certificates for OTHER >>HIS<< clients, and im getting shit emails from LE about expiring domains that i'm not intended to monitor. What if LE will start sending to you promotional emails from "expiry@letsencrypt.com" email? Every time you will be checking this spam crap due to importance of this email address, right?
And yes, i'm already reporting abuses to hosters.
But due how it works, and im not being "company", they can easily ignore me.
If LE ignores me... then what? it's ok? LE is a new free way to annoy someone?
Then can i start providing LE's official emails for random domains?
If there was a page, where i can enter domain and my email, LE checks it, and send me url to prevent this certificate from activating from last IP address, that would solve this behaviour at all.
You could reissue your certs to an alternate (unpublished) email address.
And click any one of the unsubscribe links to remove your troubled email address from all emails for one year.
You think accepting and evading is a good solution? Yeah! Right! Lets allow LE abusers to spam your WORK email with shit that hide improtant LE email. Just spend a 30 minute per month to clean this "some chinese domain gonna expire soon".
There is an unsubscribe link at the bottom of every renewal reminder email. It will unsubscribe you from all such emails for one year, not just domain by domain.
Definitely not; I'm a pretty old-school anti-spammer, and I hear your concern here.
Unsubscribing from any one Let's Encrypt email will unsubscribe you from all of them, for a year. Even if someone creates another ACME registration or certificate using your email address, that will not result in more email.
If what you're requesting is closed-loop opt-in, we don't currently do that, but it's on my wish list of things to implement as we improve the integration with our ESP.
