Why am I getting expiry notification for domain I don't own?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: the domain in question is www.smartcomponents.us. this is not a domain I own or have ever put a Let’s Encrypt certificate on.

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Sorry, that form was confusing for my issue. I received a Let’s Encrypt email that was sent via Mandrill… it looks legitimate from what I can see, but it claims a certificate will expire for a domain I don’t own and don’t have anything to do with from what I know.

“Your certificate (or certificates) for the names listed below will expire in 20 days (on 03 May 19 08:13 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors. We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details. ftp.smartcomponents.us mail.smartcomponents.us smartcomponents.us www.smartcomponents.us For any questions or support, please visit https://community.letsencrypt.org/. Unfortunately, we can’t provide support by email.”

No assistance with this? I really have nothing to do with this domain and I don’t understand why I’d get one of these emails.

It’s possible the person who does own the domain has a similar email address to yours and typo’d their own address when getting their certificate. It’s also possible someone maliciously used your address to register a cert just to annoy you with expiration notices, but that seems unlikely.

Humhhh… it seems to me the first answer is unlikely as the person who owns the domain is not in Canada (I looked it up a few days ago) and my email account is a Telus account. I don’t think that person would be likely to have a similar account.

Answer number 2 seems weird as well. Although, I guess it’s possible as I asked a question in here about another expired certificate notification of a domain I did own. I had thought my domain was auto-renewing.

It seems a ridiculous thing to do if that is the case. But who knows I guess. People can be quite strange.

Thanks for your input! It’s appreciated!

Another thing we’ve seen a number of times is when a shared hosting provider uses a single ACME account to provide certificates to several of their customers, but links the account to the first customer’s email address (rather than the hosting provider’s as they should).

Ok. That sounds like a possibility. I can check with my host for that. Thanks so much!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.