We received an email stating that one of our subdomains requires verification for the edge certificate renewal and suggesting to add a TXT record to verify the subdomain. It says the domain no longer resolves to the Cloudflare and says the certificate will expire in December.
The thing is our domain is using Cloudflare nameservers, and we use only Cloudflare-managed certificates, none of them is expiring in December. This subdomain is Proxied and falls under
I’m very confused, it looks like it’s either a bug with Cloudflare renewal, or a phishing attempt?
The email notification came from Cloudflare [email protected] signed-by:
Domain: ...(one of our subdomains)...
Organization: Cloudflare, Inc.
San Francisco, CA
Review Certificate Request
As part of the Cloudflare SSL certificate renewal process, we need you to re-approve the domain ... so that we can re-issue SSL certificates for use on our network.
If you previously validated this domain using the HTTP DCV method, you are receiving this email because:
- ... no longer resolves to Cloudflare's edge, and we cannot automatically complete the renewal process.
- Recent CA/B forum rule changes state that HTTP DCV is no longer permitted for wildcard certificates.
Add the DNS records shown below to avoid certificate expiration or remove the hostname if no longer in use.
Your current certificate expires on Wed Dec 27 13:40:10 +0000 2023. If you are unable to complete validation by the expiration date, Cloudflare will remove this certificate from the edge.
Add the following TXT entries to your authoritative DNS provider:
_acme-challenge....... TXT ...
Once records have been added, click this link to complete the renewal process: [legit cloudflare verification link with token]
The Cloudflare Team
Just to emphasize, we never had any dedicated edge certificate for that subdomain, we use a single wildcard cert, neither we changed NS settings, so subdomain never stopped to resolve to the Cloudflare. Additionally, we have other subdomains, but received no renewal email about them.
What is that?