Hi All, our Cloudflare logs show some system level record addition (ie not attributed to a user) that looks as though it was used to generate a wild card cert with lets encrypt. I can find no legitimate reason for those certificates to be created nor an understanding of why this would happen a the system level. Grateful if someone can help me understand what has happened and why please? Or otherwise confirm that this is a cause for concern?
Thanks in advance
Cloudflare uses different certificate authorities and Let’s Encrypt is one of them.
What’s the domain?
Thanks for responding - at this point I’d rather not give that information in a community forum.
The info in the logs is for creation of a certificate pack followed by the creation of an acme record then the deletion of an acme record. All of these actions are owned by cloudflare/system and are not associated with any user accounts.
Shortly after that we got a message from cloudflare warning us about the issuance of a certificate against our domain hence my interest.
If you don’t want to post the domain publicly, you can also run a check at sitemeer.com and post here the exact time you did so.
thanks,14-34-20 GMT+1
I have a****.it and i****.com for that time.
i***.com it is
That domain is using Digicert as proxy certificate, however Cloudflare is switching certificate authorities and so may have requested a new certificate, either as backup or as new one.
Can you post a screenshot of https://dash.cloudflare.com/?to=/:account/:zone/ssl-tls/edge-certificates? You can redact the domain if you wish.
there is a reference to ‘backup’ in the logs so maybe its the switch in cert authorities. Probably wouldn’t have raised an eyebrow over this if cloudflare had not emailed to flag the cert creation…
Right, the expiration date matches the backup.
1 Like
Thankyou for helping me understand this - its much appreciated.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.