Suspicios email about Certificate Transparency
Hello everyone, today i was checking my email and noticied that the ssl certificates were updated.
I clicked the email and I was suprised to see that using Issuer: CN=WR3,O=Google Trust Services,C=US
were issued about 30+ certificates ABOUT DOMAINS I DO NOT OWN.
The certificate in question seems to be bundling my subdomain (auth.domain.com) with many unrelated domains.
All my other origin certificates are setup correctly and only *.domain.com or a specific subdomain have been listed.
Could this be a email that was sent by mistake?
2 Replies
I can post here the email if your interested to see it!
The certificate in question seems to be bundling my subdomain (auth.domain.com) with many unrelated domains.If it included your subdomain then it probably wasn't by mistake. Worth noting Cloudflare's CT service alerts you about all certificates being issued -- not just those by Cloudflare. It used to be a semi-common practice that even Cloudflare employed that your Universal would be bundled with a bunch of others in a huge SAN list to reduce renewals and such