As some others, I received an alert from the cert. transparency monitoring service for my domain:
Cloudflare has observed issuance of the following certificate for xxx.com or one of its subdomains:
Log date: 2022-05-31 12:24:47 UTC
I>ssuer: CN=GTS CA 1P5,O=Google Trust Services LLC,C=US
Validity: 2022-05-31 11:24:47 UTC - 2022-08-29 11:24:46 UTC
DNS Names: *.xxx.com, xxx.com
I was concerned that someone managed to create a cert for my domain for malicious reasons. I contacted Google Trust Service (GTS) Support as I was not aware that I ever used GTS for my certs.
They investigated and found out that this is caused by Cloudflare’s backup cert. service:
Cloudflare recently announced a new feature called Backup Certificates. This feature maintains a backup certificate in case one of their customers’ certificates has to be revoked, so they can mitigate the impact immediately and avoid outages. They describe our involvement here.
I really appreciate the Cloudflare services around CT monitoring and the backup cert. service! I even think Cloudflare is doing a great job to making internet/websites more secure in general by providing their free services!
However, it would be really great to exclude cases from notifications/alarms where Cloudflare itself issued a new cert. due the cert backup service.
Similar issues have been reported here (Post IDs; cannot add more links )