locked
Secure Certificate Verification and domain access verification RRS feed

  • Question


  • I have an SSL secured website running on the Microsoft Azure website, which uses a Godaddy certificate issued on December 5, 2016 and expiring on December 5, 2017. However, in the past few days, I have been receiving daily emails that have "Secure Certificate Services" as the sender name, with "donotreply@godaddy.com" as the sender's email address.

    At first I thought it was a phishing message, particularly because the sender email appears to be from Godaddy.com but the support link in the email points to Microsoft Azure Support. I have no notifications on either Godaddy or Azure when I log in to my accounts on those portals. However, I am now getting these emails on a daily basis.

    As I recall having purchased a cert from Godaddy originally, I think the current cert was purchased within the Azure certificate installation process. The certificate says it was "issued by Godaddy". I thought Microsoft issued their own certificates, but maybe they use Godaddy now.

    So, I now suspect it's a real situation I should respond to, but don't have any solid information about why I'm getting these messages, since the certificate doesn't expire until December. Coincidentally, it is 3 months before expiry, which might make sense if something is trying to automatically renew the cert. But I don't see any information that confirms this on either site. I'm starting to think the email is actually being sent by Microsoft. But I still have not clicked on the link to verify the key. I am hoping to get some confirmation from the forum that this is correct. I'm also checking the Godaddy community.

    The email subject is:

    Domain Access Verification

    The body of the email is below (I have replaced site specific info with [ placeholder ] ):

     

    ==============================

    Dear Azure Customer,

    We have received a certificate signing request for the following domain(s):
    [My Domain Name]

    Our query of the Whois database returned your name as the administrator for the domain in the certificate request.

    In order to verify the validity of this request and that it was submitted by the entity to which the domain in the request is registered, please signify your final approval or disapproval of the certificate request by clicking the link below.

    https://certs.godaddy.com/anonymous/domainapproval.pki?vk=[key value]&locale=en-US

    Approval of the request will enable us to continue processing your request. Failure to approve the certificate request will lead to denial of the request.

    If the above address does not appear as a clickable link, cut/copy and paste it into your browser's address bar.

    If the Verification Page requests it, please use the following Verification Key: [Key Value]
    This part of our authentication process serves to ensure that only the entity/individual that controls the domain in the request can obtain a certificate for that domain.

    After completing the verification, please return to Azure Portal at https://portal.azure.com and complete the remaining steps outlined here.

    If you have any trouble or questions, contact us and let us know. We are available to help around-the-clock, seven days a week.

    For Customer Support, please visit https://azure.microsoft.com/en-us/support/options/.

    For further information, log in to your account at https://portal.azure.com

     

    ===================================

     

     

    Sunday, September 10, 2017 2:31 PM

All replies

  • I would suggest you check if auto renew is configured.

    ---------------------------------------------------------------------------------------------------------

    Do click on "Mark as Answer" on the post that helps you, this can be beneficial to other community members.



    • Proposed as answer by Nayana A S Monday, September 11, 2017 4:06 AM
    • Edited by Nayana A S Monday, September 11, 2017 5:10 AM
    Monday, September 11, 2017 4:06 AM