Got an email that starts off - As part of the Cloudflare SSL certificate renewal process, we need you to re-approve the domain (my domain name) so that we can re-issue SSL certificates for use on our network.
Is this legitimate?
The sites hosting service recently stopped allowing us to deal with Cloudflare through the host and having to go through Cloudflare itself.
It does at least sound similar to the start of some legitimate messages.
However, from time to time, messages of phishing attempts are actually very close to actual legitimate messages.
To be sure to give you a solid answer, can you possibly share stuff such as e.g. the headers of the email?
It could sound like the hosting service have previously routed your domain through Cloudflare for SaaS, and since one (or more) records do not match the old set up any more, further verifications would now be required to generate a such new certificate.
However, whether or not you would actually need to do that, would then depend a lot on the actual changes that have been made to your set, during the changes between “dealing with Cloudflare through the host” towards “through Cloudflare itself”.
Can you elaborate on that changes, or possibly share the domain / full host name, that the email mentions?