I moved the domain; worldofmatthew.com away from Cloudflare back in August 2020.
Looking at an SSL transparency viewer today (crt.sh), I noticed that the are still SSL valid for the domain which is active until 26th June 2021. There appears to be no way to revoke the SSL certs and would allow Cloudflare to claim to be my website without my permission if they wanted to (I left for to reduce the visibility of my visitors to Cloudflare).
If you still have your account here, you can try the “Disable Universal SSL” button at the bottom of the SSL/TLS -> Edge Certificates screen.
But how would Cloudlfare claim to be your website without your permission? You control the name server setting at your registrar.
The domain can’t be managed as it has not been with Cloudflare since August.
By claim to be my website, I mean as Cloudflare have a valid SSL cert and their own large DNS service they have the ability to perform a MITM attack. I am not saying they will at all but you should trust no service you are not actively using to retain those powers.
Write an email to [email protected] using your domain in question in From: field, they do revoke.
It is not quick though, it took 2 weeks in my case since the first email to the revocation of Cloudflare certificates.
This topic was automatically closed after 30 days. New replies are no longer allowed.