Email request to review cloudflare certificate

Hi all,

Got an email that starts off - As part of the Cloudflare SSL certificate renewal process, we need you to re-approve the domain (my domain name) so that we can re-issue SSL certificates for use on our network.

Is this legitimate?

The sites hosting service recently stopped allowing us to deal with Cloudflare through the host and having to go through Cloudflare itself.


It does at least sound similar to the start of some legitimate messages.

However, from time to time, messages of phishing attempts are actually very close to actual legitimate messages.

To be sure to give you a solid answer, can you possibly share stuff such as e.g. the headers of the email?

It could sound like the hosting service have previously routed your domain through Cloudflare for SaaS, and since one (or more) records do not match the old set up any more, further verifications would now be required to generate a such new certificate.

However, whether or not you would actually need to do that, would then depend a lot on the actual changes that have been made to your set, during the changes between “dealing with Cloudflare through the host” towards “through Cloudflare itself”.

Can you elaborate on that changes, or possibly share the domain / full host name, that the email mentions?

Something like this?

This is a legit email. You are required to revalidate the ownership of your domain if you would like to renew your SSL certificate in Cloudflare.

That looks like it. Thanks.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.