Spam emails of certificate expiration notice for fake domains


#1

For the last couple of weeks, I’ve been getting spam emails of certificate expiration notices for fake domains. And the concerning part is, I have no idea what those domains are, who’s using them, and why they’ve registered my email for the Let’s Encrypt certs for these domains.

Below are the domains:

I have run no commands anywhere on any system.

I have no idea who’s the hosting provider for these domains.

I have no idea who owns these domains.

So I’m completely clueless here about these emails. And the emails keep coming every week in bulk.

Can someone help here to get rid of these spam emails?


#2

While it is true that the subscription to the expiry emails is not double opt-in, you should be able to unsubscribe your email permanently by clicking the link embedded in the email.

Would you be able to paste the contents of the email, so that we can verify that they are actually coming from Let’s Encrypt?

If you have concerns that your email is being used to register Let’s Encrypt accounts, you can also try to reach out to security@letsencrypt.org with your questions.


#3

Have you used or do you use Let’s Encrypt for your own domains? There has been a bug or two where a shared hosting control panel might create one customer’s certificates using the wrong account. (It was harmless except for the emails.) In that case a current or former customer of the same hosting company might get emailed, but random strangers wouldn’t.

In this case the domains are currently using Amazon EC2, which isn’t a shared host anyway…


#4

Hi @desaiuditd

please share the content of one of these mails.

The mails may be from Let’s Encrypt.

But it’s possible that this is a new type of phishing. So I get mails from banks I’ve never been a customer of.


#5

The timing is about right – those hostnames all have certificates expiring January 1 (and no certificates expiring on other dates). It could be a phishing attack, but if it is, it’s pretty good.


#6

> you should be able to unsubscribe your email permanently by clicking the link embedded in the email.

Would it be specifically for that particular domain, or will all the emails for all other domains (which I’ve added LE SSL for) be stopped?


#7

Hello,

Your certificate (or certificates) for the names listed below will expire in 9 days (on 01 Jan 19 20:20 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

We recommend renewing certificates automatically when they have a third of their
total lifetime left. For Let's Encrypt's current 90-day certificates, that means
renewing 30 days before expiration. See
https://letsencrypt.org/docs/integration-guide/ for details.

[textkylie.com](http://textkylie.com/)

For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can't provide support by email.

If you are receiving this email in error, unsubscribe at <Mandrill Link>

Regards,
The Let's Encrypt Team

#8

Yes, I do. But they are on my private VPN servers. They are not on shared hosting.


#9

Yes. I also have a strong feeling that it’s a phishing attack.

I’ve also sent an email to security@letsencrypt.org.

Waiting for response.


#10

All emails from Let’s Encrypt. So I would strongly suggest editing the link out of your previous post if you don’t want that to happen!

And it’s a legit email, not phishing.


#11

Yeah. Thanks. 🙂

But I don’t want to stop emails for my other domains. So that doesn’t seem like a good option.


#12

Maybe the security team can “unlink” the rogue ACME accounts from your email so I’d probably just wait for their response.