Unknown Third Party Requesting Let’s Encrypt for my domain

Somebody has requested Let’s Encrypt SSLs for a domain that is not active: it has no website, no hosting and no webmaster. It has no DNS records.
We got locked out of our registrar account so the domain expired, but we were able to reactivate it again once they finally let us back in. We have now recognised that 2 Let’s Encrypt certificates were issued for it in this time frame.

Our registrar is adamant that all of our files and folders and DNS records have reset themselves due to the domain expiring, and are adamant they didn’t request the SSLs.

We have no idea how to revoke these SSLs, and they are not showing anywhere in our domain account or DNS records.

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: aestheticstraining.co

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):
None
My hosting provider, if applicable, is: None

I can login to a root shell on my machine (yes or no, or I don't know): don’t know

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

Welcome @WhoisLetsEncrytpt

First, there was only 1 cert issued on Jan 5. The crt.sh tool shows both the precert and the leaf, but that is just one cert. It expires on Apr 4.

I agree your DNS for that domain does not have any A or AAAA records to direct people to a website or web service.

You can revoke it using the below instructions. But, since it expires soon and doesn't seem usable from the public internet, I'm not sure how valuable that is.

3 Likes

It looks like that was hosted in the EU on IPs associated with RIPE for a bit (185.61.152.30, 185.61.152.61) before moving over to Akamai/Linode (172.234.25.151) for a hot minute.

Our registrar is adamant that all of our files and folders and DNS records have reset themselves due to the domain expiring, and are adamant they didn’t request the SSLs.

I think your registrar is probably lying, or used a third-party service that did that. It is possible/likely they had expired domains routed through the Akamai network and that automatically obtained a certificate for you. It looks like your registration expiration/renewal was on 2025-01-04, which is when the certificate was issued and what third-party historical DNS shows.

You can contact your registrar again, and ask Akamai about this. The instructions posted above by @MikeMcQ can help you.

I will note that registrars often do sketchy things with DNS. I haven't seen Namecheap do anything weird yet, but Name.com used to do the following: if you did not configure a wildcard subdomain match, instead of serving an NXDOMAIN for non-existent subdomains, they considered the infinity of possible subdomains to be "parked domains", and routed those into an advertising page run by Sedo.

6 Likes
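Two points in the replies above are easy to get wrong when reading crt.sh by hand: a precertificate and its leaf share an issuer and serial number and are one certificate, and the interesting question for the domain owner is whether any certificate's validity started while the registration was lapsed. The script below is an added example, not code from this thread, from Let's Encrypt or from crt.sh. It parses entries in the shape of crt.sh's JSON output (`https://crt.sh/?q=<domain>&output=json`), collapses precert/leaf rows into distinct certificates, and flags those issued inside a lockout window. The domain, serials, timestamps and the window are constructed assumptions, not the real log entries for the domain in this thread.

```python
"""Deduplicate crt.sh CT log rows and flag certificates issued during a domain lockout."""
import json
from datetime import datetime

# Constructed sample in the shape of crt.sh's JSON output. Rows 9001 and 9002 are the
# precertificate and leaf of one certificate (same issuer, same serial). Row 4200 is an
# older, unrelated certificate. All values are assumptions for this example.
SAMPLE_CRTSH_JSON = json.dumps([
    {"id": 9001, "issuer_name": "C=US, O=Let's Encrypt, CN=R11",
     "common_name": "example-expired.co", "name_value": "example-expired.co",
     "not_before": "2025-01-05T02:11:09", "not_after": "2025-04-05T02:11:08",
     "serial_number": "04a1b2c3d4e5", "entry_timestamp": "2025-01-05T02:11:10.417"},
    {"id": 9002, "issuer_name": "C=US, O=Let's Encrypt, CN=R11",
     "common_name": "example-expired.co", "name_value": "example-expired.co",
     "not_before": "2025-01-05T02:11:09", "not_after": "2025-04-05T02:11:08",
     "serial_number": "04a1b2c3d4e5", "entry_timestamp": "2025-01-05T02:11:12.902"},
    {"id": 4200, "issuer_name": "C=US, O=Let's Encrypt, CN=R3",
     "common_name": "www.example-expired.co",
     "name_value": "example-expired.co\nwww.example-expired.co",
     "not_before": "2023-06-01T09:00:00", "not_after": "2023-08-30T09:00:00",
     "serial_number": "03ee11aa", "entry_timestamp": "2023-06-01T09:00:04.000"},
])


def _parse_ts(value):
    """crt.sh timestamps are naive ISO 8601, sometimes with a fractional second."""
    return datetime.fromisoformat(value.split(".")[0])


def distinct_certificates(crtsh_json_text):
    """Group CT log rows into distinct certificates.

    crt.sh lists the precertificate and the final (leaf) certificate as separate rows;
    both carry the same issuer and serial number, so that pair identifies one cert.
    The serial is lower-cased and stripped of leading zeros because crt.sh's display
    of it is not always zero-padded consistently.
    """
    certs = {}
    for row in json.loads(crtsh_json_text):
        key = (row["issuer_name"], row["serial_number"].lower().lstrip("0"))
        cert = certs.setdefault(key, {
            "issuer": row["issuer_name"],
            "serial": row["serial_number"].lower(),
            "names": set(),                      # all SANs seen across the rows
            "not_before": _parse_ts(row["not_before"]),
            "not_after": _parse_ts(row["not_after"]),
            "log_rows": 0,                       # 2 means precert + leaf were both logged
        })
        cert["names"].update(row["name_value"].split("\n"))
        cert["log_rows"] += 1
    return list(certs.values())


def issued_in_window(certs, window_start, window_end):
    """Return the certs whose validity started inside [window_start, window_end].

    The window is the period when the domain was not under the owner's control,
    e.g. from the registrar lockout until the registration was reactivated.
    Bounds are ISO 8601 strings like "2024-12-20T00:00:00".
    """
    start, end = _parse_ts(window_start), _parse_ts(window_end)
    return [c for c in certs if start <= c["not_before"] <= end]


def report(crtsh_json_text, window_start, window_end):
    """One line per distinct certificate, marking those issued during the lockout."""
    certs = distinct_certificates(crtsh_json_text)
    flagged = {c["serial"] for c in issued_in_window(certs, window_start, window_end)}
    lines = []
    for c in sorted(certs, key=lambda c: c["not_before"]):
        mark = "ISSUED DURING LOCKOUT" if c["serial"] in flagged else "ok"
        lines.append(f"{c['serial']}  {c['not_before']:%Y-%m-%d} -> {c['not_after']:%Y-%m-%d}  "
                     f"{c['log_rows']} log row(s)  {', '.join(sorted(c['names']))}  [{mark}]")
    return lines


if __name__ == "__main__":
    # Assumed lockout window for the constructed sample.
    for line in report(SAMPLE_CRTSH_JSON, "2024-12-20T00:00:00", "2025-01-10T00:00:00"):
        print(line)
```

To run it against real data, replace `SAMPLE_CRTSH_JSON` with the body fetched from crt.sh for your domain and set the window to the dates the registrar gave you for the lapse. A certificate that is flagged but that you did not request is exactly the case the replies describe: whoever held the domain's DNS or HTTP endpoint during the lapse could complete validation, so the conversation to have is with the registrar and the hosting network the historical DNS points at, and revocation (under the instructions @MikeMcQ linked) is the cleanup step.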

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.