Certificate Transparency Notifications

Answer these questions to help the Community help you with Security questions.

What is Certificate Transparency Notification? it says if everything looks correct i dont need to worry about it but i have no idea how to read the email or what information theyre even asking me is correct i dont know which certificate these are or how to even know if this email is a harmless one or not…i need an explanation basically for dummies because when i looked it up i still dont understand it.
What is the domain name?

Have you searched for an answer?

Please share your search results url:

When you tested your domain, what were the results?

Describe the issue you are having:

What error message or number are you receiving?

What steps have you taken to resolve the issue?

Was the site working with SSL prior to adding it to Cloudflare?

What are the steps to reproduce the error:

Have you tried from another browser and/or incognito mode?

Please attach a screenshot of the error:

Certificate Transparency Notifications are alerts that inform you when a new SSL/TLS certificate is issued for your domain. You can check the details of the certificate by searching for your domain on https://crt.sh. If the certificate looks legitimate (usually issued by a known Certificate Authority) and matches your domain, there’s typically no need to worry. If you see a certificate from an unknown source or otherwise unexpected, you should investigate further as it could be a sign of a security issue.

It can be kind of confusing when a lot of automated systems now exist to issue certs on your behalf, both Cloudflare and potentially your origin as well.

You can always turn them off under your domain in the cloudflare dashboard, SSL/TLS → Edge Certifications → scorll down to Certificate Transparency Monitoring.

Cloudflare’s own advice is:

Most certificate alerts are routine. Cloudflare sends alerts whenever a certificate for your domain appears in a log. Certificates expire (and must be reissued), so it is completely normal to receive issuance emails. If your domain is listed in the email, along with reasonable ownership and certificate information, then no action is required.

Additionally, you should check whether the certificate was issued through Cloudflare. To view all Cloudflare-issued certificates and backup certificates - which require no additional actions - visit the Edge Certificates page

in the dashboard.

You should take action when something is clearly wrong, such as if you:

Do not recognize the certificate issuer.
Have recently noticed problems with your website.

You can see the authorities Cloudflare uses here: Certificate authorities · Cloudflare SSL/TLS docs

2 Likes

Thats the thing how do i know when its a known source? I clicked the link you sent but I dont know whos who.

| Chaika MVP '24
January 30 |

  • | - |

Certificate Transparency Notifications are alerts that inform you when a new SSL/TLS certificate is issued for your domain. You can check the details of the certificate by searching for your domain on https://crt.sh. If the certificate looks legitimate (usually issued by a known Certificate Authority) and matches your domain, there’s typically no need to worry. If you see a certificate from an unknown source or otherwise unexpected, you should investigate further as it could be a sign of a security issue.

It can be kind of confusing when a lot of automated systems now exist to issue certs on your behalf, both Cloudflare and potentially your origin as well.

You can always turn them off under your domain in the cloudflare dashboard, SSL/TLS → Edge Certifications → scorll down to Certificate Transparency Monitoring.

Cloudflare’s own advice is:

developers.cloudflare.com

Certificate Transparency Monitoring · Cloudflare SSL/TLS docs

Certificate Transparency (CT) Monitoring is an opt-in feature in public beta that aims at improving security by allowing you to double-check any …

Most certificate alerts are routine. Cloudflare sends alerts whenever a certificate for your domain appears in a log. Certificates expire (and must be reissued), so it is completely normal to receive issuance emails. If your domain is listed in the email, along with reasonable ownership and certificate information, then no action is required.

Additionally, you should check whether the certificate was issued through Cloudflare. To view all Cloudflare-issued certificates and backup certificates - which require no additional actions - visit the Edge Certificates page

in the dashboard.

You should take action when something is clearly wrong, such as if you:

Do not recognize the certificate issuer.
Have recently noticed problems with your website.

You can see the authorities Cloudflare uses here: Certificate authorities · Cloudflare SSL/TLS docs

Under SSL/TLS → Edge Certificates Page you can see the Certs Cloudflare has issued for your domain. Pages, R2, and Worker Custom Domains will also issue their own certs which will directly target that hostname (r2.example.com, won’t be wildcards).
All of them will be one of these cert providers: Certificate authorities · Cloudflare SSL/TLS docs

If you see one unexpected, for example on a subdomain you don’t use, or by a certificate authority which isn’t one of those, then you have cause for concern.

Your Origin/actual Host may also have/use its own certificate(s) and authorities.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.