I received this since I am “enrolled” in the Cloudflare Certificate transparency monitoring.
I received this today via Cloudflare’s email.
===============================================
Log date: 2022-05-30 02:29:58 UTC
Issuer: CN=Cloudflare Inc ECC CA-3,O=Cloudflare, Inc.,C=US
Validity: 2022-05-30 00:00:00 UTC - 2022-08-27 23:59:59 UTC
===============================================
DNS Names: I have two registered with Cloudflare as my domain registrar.
I am using a Universal Cloudflare Cert
ECDSA SHA256 2022-07-07 (Managed by Cloudflare)
Certificate Validity Period: 1 year
Certificate validation method: HTTP
I am puzzled why I received this since I did not share/renew any certs.
My cert has a 1 year validity. So, in essence, this cert of mine will automatically renew on 07-07-2023.
Even stranger is the validity of this newly issued cert - Validity: 2022-05-30 00:00:00 UTC - 2022-08-27 23:59:59 UTC, which has already expired.
Cloudflare Universal certificates are managed by Cloudflare, you don’t need to do anything for Cloudflare to continually issue certs as they need to. The CT notifications for those certificates are normal.
Generally you want a replacement cert active before this date, usual guidance is to renew about one month in advance.
In my diary that is still a few weeks away. There is a move towards ever shorter certificate lifetimes, with “short” being anywhere from 7-90 days, which is what this certificate was issued for.
However, I am now VERY ALARMED as I received 4 emails June 2 from Cloudflare on another email account of mine and attempted to install a certificate on my site without my permission and it is good that it failed/was not deployed.
Now, in the email below Zone ID f9aae91e49c77b9e617f90503af58648 is NOT MY ZONE ID.
My site is fully MFA.
Why was it entered and attempted for cert install?
Why did I get a cert installation attempt and also with trying to use a wrong Zone ID?
Kindly explain and
Kindly ESCALATE this URGENT MATTER to a Cloudflare SUPERVISOR.
The Domain Control Validation (DCV) has failed for the certificate with the ID (erased for security purposes) belonging to Zone ID f9aae91e49c77b9e617f90503af58648. The DCV method is currently set to txt.
Certificates are generated for each of your Workers since wildcards only cover one level - so if you were using service environments then you’d have prod.worker.subdomain.workers.dev.
This isn’t covered by *.subdomain.workers.dev so the Worker needs a *.worker.subdomain.workers.dev certificate.
This isn’t really a security issue at all - certificate issuance happens all the time transparently for Universal SSL, Advanced Certificate Manager, Cloudflare Workers and Cloudflare Pages - probably missed a few more too.
The zone ID won’t be ‘your’ domain’s zone since it’s your subdomain.workers.dev zone - as you can see in your screenshot.
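The one-level wildcard rule described in the last reply, as an added example that is not part of the original thread or Cloudflare's own code: a left-most-label matcher in Python run against the placeholder hostnames from that reply. The function names are hypothetical.

```python
# Added illustration: wildcard matching for TLS certificate names, where "*"
# is only honoured as the entire left-most label and stands for one label.
# Hostnames are the placeholders used in the thread, not real zones.

def wildcard_covers(pattern: str, hostname: str) -> bool:
    """Return True if certificate name `pattern` covers `hostname`."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # One "*" replaces exactly one label, so the label counts must be equal.
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    first, rest = p_labels[0], p_labels[1:]
    # A "*" anywhere except the left-most label is never treated as a wildcard.
    if any("*" in label for label in rest):
        return False
    # Everything to the right of the left-most label must match literally.
    if rest != h_labels[1:]:
        return False
    if first == "*":
        return True
    # Partial wildcards such as "pro*" are rejected in this sketch.
    return "*" not in first and first == h_labels[0]


def covering_names(cert_names, hostname):
    """List the names on a certificate that cover `hostname`."""
    return [name for name in cert_names if wildcard_covers(name, hostname)]


def required_wildcard(hostname: str) -> str:
    """Wildcard name, one level up, that would cover `hostname`."""
    labels = hostname.rstrip(".").split(".")
    return ".".join(["*"] + labels[1:])


if __name__ == "__main__":
    account_cert = ["subdomain.workers.dev", "*.subdomain.workers.dev"]
    for host in ("worker.subdomain.workers.dev",
                 "prod.worker.subdomain.workers.dev"):
        names = covering_names(account_cert, host)
        print(host, "->", names or "needs " + required_wildcard(host))
```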