Unauthorized Certificate Issued for Domain

My domain is: thegraph.com

You will need to provide more details.

But, I can make a guess ...

Right now your domain has a cert issued by Cloudflare Inc. And, if you previously tried to proxy your DNS with Cloudflare it may get a Let's Encrypt cert for you. Cloudflare also has a system to warn when certs get issued and it may even warn you about this.

Why do you think an "unauthorized cert" was issued?

6 Likes

Yes to all of the above. We will take it up with CF. None of the domains listed with ours are at all associated. Thanks for your help.

2 Likes

CF is a CDN/hosting service.
As such, they will host many domains from the same system.
It makes sense for them to combine domains [they host] onto a single cert.
[every hosting company does this]

What exactly did they issue that you feel was not correct?

4 Likes

Cloudflare will often bundle the domains from different clients together. They've been doing it less and less, but they do it. You must purchase an SSL from them or an advanced plan to ensure control of how they process certificates. I think under most options they will still add one of their internal domains onto the certificate to get around some deployment issues.

I think they stopped using the multiple-clients certificates in production and only use them for backup certificates. Last year, they announced "Backup Certificates" (Introducing: Backup Certificates) so they can maintain SSL in case of a mass CA revocation or a root being revoked. I think those still combine clients. It's just a stopgap measure, and I don't think it's been utilized yet. They basically grab certs from a second CA / root and keep them shelved unless needed. This way they don't need to somehow instantly order tens of thousands of certificates in a worst-case scenario.

See

4 Likes
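Added example, not part of any post in this thread: a small triage of Certificate Transparency entries that separates a shared CDN certificate (expected issuer, other customers' names in the SAN list) from a certificate issued by a CA you do not expect. The record layout, the expected-issuer set, and every sample entry are constructed for illustration.

```python
# Triage CT-log entries that name our domain.
# All records below are constructed sample data, not real certificates.

OUR_DOMAIN = "thegraph.com"
# Assumption: issuer organizations we expect because our CDN orders certs for us.
EXPECTED_ISSUER_ORGS = {"Cloudflare, Inc.", "Let's Encrypt"}

def covers(san, domain):
    """True if a SAN entry (exact or wildcard) is the domain or a name under it."""
    san = san.lower().rstrip(".")
    if san.startswith("*."):
        san = san[2:]
    # Require a label boundary so lookalikes such as notthegraph.com do not match.
    return san == domain or san.endswith("." + domain)

def triage(entry, domain=OUR_DOMAIN, expected=EXPECTED_ISSUER_ORGS):
    """Classify one entry: not-ours, expected, shared-cdn-cert, or investigate."""
    ours = [s for s in entry["sans"] if covers(s, domain)]
    if not ours:
        return "not-ours"
    if entry["issuer_org"] not in expected:
        # A CA we never authorized issued for our name: the real warning sign.
        return "investigate-unexpected-issuer"
    foreign = [s for s in entry["sans"] if not covers(s, domain)]
    # Unrelated names under an expected issuer point to CDN bundling.
    return "shared-cdn-cert" if foreign else "expected"

# Constructed entries in a hypothetical {issuer_org, sans} layout.
SAMPLE_ENTRIES = [
    {"issuer_org": "Let's Encrypt",
     "sans": ["thegraph.com", "*.thegraph.com"]},
    {"issuer_org": "Cloudflare, Inc.",
     "sans": ["cdn-internal.example", "thegraph.com", "shop.example.net"]},
    {"issuer_org": "Constructed Unknown CA",
     "sans": ["thegraph.com"]},
    {"issuer_org": "Let's Encrypt",
     "sans": ["notthegraph.com"]},
]

def triage_all(entries=SAMPLE_ENTRIES):
    """Return one verdict per entry, in order."""
    return [triage(e) for e in entries]

if __name__ == "__main__":
    for entry, verdict in zip(SAMPLE_ENTRIES, triage_all()):
        print(f"{verdict:32} {entry['issuer_org']:24} {', '.join(entry['sans'])}")
```

Publishing CAA records for the domain narrows which CAs may issue for it, which keeps the expected-issuer set short.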

Thank you so much!! Super useful to know.

2 Likes
