Should I revoke these certs?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: intacct.com

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

I have received a notification from Cloudflare's certificate transparency monitoring that they observed a certificate issuance which has no relation to our domain:
Hello,

Cloudflare has observed issuance of the following certificate for intacct.com or one of its subdomains:

Log date: 2023-12-06 07:09:34 UTC
Issuer: CN=R3,O=Let's Encrypt,C=US
Validity: 2023-12-06 06:09:34 UTC - 2024-03-05 06:09:33 UTC
DNS Names: 0b22bb10.status.cleafy.cloud, status.2talk.com, status.anthropic.com, status.be.worldline-solutions.com, status.beezup.com, status.careviso.com, status.devzero.io, status.everyoneprint.com, status.footholdtechnology.com, status.goautonomous.io, status.gocity.com, status.govcloud.onspring.com, status.immuta.com, status.inhealthcare.co.uk, status.intacct.com, status.iuvity.com, status.jotelulu.com, status.klearnow.ai, status.motivationworks.co.jp, status.outfit.io, status.phaxio.com, status.pirani.co, status.pirateship.com, status.punktum.dk, status.pureweb.io, status.silvermint.net, status.softpay.io, status.teleporthq.io, status.tom-tailor.com, status.unstoppabledomains.com, status.utinfo.ee, status.whatagraph.com, status.ysoft.cloud, status.zipsec.com, status4.securiti.ai, trust.catertrax.co.uk

Can anybody help me understand what is happening? These are not recognized at all by our team. Should I revoke these certs? If yes, how can I achieve this?

How exactly do you propose to revoke certificates that you do not control? Generally the only time you need to revoke a certificate is if you lost control of its private key.

I have yet to see anything positive related to certificate transparency notifications. They tend to create nothing but noise and confusion.

2 Likes

Why did Cloudflare notify you if there is NO relation to one of your domains? I assume your domain is at least listed too, right?

If you don't know where the status.intacct.com (sub)domain comes from, perhaps you have a security problem with your DNS? Because status.intacct.com resolves to q6kg0tdv0tms.stspg-customer.com, which either someone from your own company added to the DNS zone of intacct.com or your DNS was hacked.

3 Likes

These all seem to be hosted by an Atlassian SaaS product, which is presumably allowed (and required) to issue certificates for them in order to provide its service to you. In that case they are valid and expected.

6 Likes

That cert looks like it was issued by a service called cleafy.com

Your subdomain status.intacct.com is included in it

See the cert here

Do you know who that is? It looks like a security service for financial sites.

It is not unusual for services to group multiple names in one cert.

If they are a service you use contact them.

6 Likes

Another clue is in the CNAME for status.intacct.com:

"sage-com"

Name:      status-sage-com-0600e6fa-ea36-424d-a293-f8bdfe66443c.saas.atlassian.com
Addresses: 65.8.178.21
           65.8.178.29
           65.8.178.22
           65.8.178.87
Aliases:   status.intacct.com
           q6kg0tdv0tms.stspg-customer.com

3 Likes
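The triage the replies walk through (pick out the SANs that fall under your own zone, follow their CNAME chain, and see whether they land at a SaaS provider you knowingly delegate to) can be scripted. This is an added example, not code from the thread or from any of the services named in it; the CNAME table is constructed from the nslookup output above, `api.intacct.com` is a constructed extra name with no CNAME, and the provider allow-list is a hypothetical one you would maintain yourself.

```python
from typing import Callable, Dict, List, Optional

# Constructed sample: names from the CT notification quoted above (abridged),
# plus "notintacct.com" to show why suffix matching must respect label boundaries,
# and "api.intacct.com", a constructed name with no CNAME delegation.
SAMPLE_SANS = [
    "0b22bb10.status.cleafy.cloud",
    "status.anthropic.com",
    "status.intacct.com",
    "notintacct.com",
    "api.intacct.com",
]

# Constructed offline CNAME table reproducing the chain from the nslookup output.
# In production, replace the lookup with a real resolver (e.g. dnspython).
SAMPLE_CNAMES: Dict[str, str] = {
    "status.intacct.com": "q6kg0tdv0tms.stspg-customer.com",
    "q6kg0tdv0tms.stspg-customer.com":
        "status-sage-com-0600e6fa-ea36-424d-a293-f8bdfe66443c.saas.atlassian.com",
}

# Hypothetical allow-list: provider zones your team knowingly delegates subdomains to.
# A name CNAMEd into a provider's zone lets that provider pass HTTP-01 validation for it,
# so certificates it obtains for the name are expected rather than a sign of compromise.
KNOWN_PROVIDER_SUFFIXES = ("saas.atlassian.com",)


def is_under(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it (label-boundary aware)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


def follow_cnames(name: str, lookup: Callable[[str], Optional[str]], limit: int = 10) -> List[str]:
    """Return the CNAME chain starting at name (excluding name itself); stops on loops."""
    chain: List[str] = []
    seen = {name}
    current = name
    while len(chain) < limit:
        target = lookup(current)
        if target is None or target in seen:
            break
        chain.append(target)
        seen.add(target)
        current = target
    return chain


def triage(sans: List[str], zone: str, lookup: Callable[[str], Optional[str]]) -> Dict[str, str]:
    """Classify each SAN under zone as 'delegated:<provider>' or 'unexplained'."""
    results: Dict[str, str] = {}
    for san in (s for s in sans if is_under(s, zone)):
        chain = follow_cnames(san, lookup)
        final = chain[-1] if chain else san
        providers = [p for p in KNOWN_PROVIDER_SUFFIXES if is_under(final, p)]
        results[san] = f"delegated:{providers[0]}" if providers else "unexplained"
    return results
```

Only names that come back as "unexplained" deserve a look at who can edit your DNS zone; a "delegated" name is the SaaS provider doing what the delegation permits.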

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.