Why would the Mattermost server request a certificate for Paypal?


#1

Summary

In the log files of my Mattermost server I see a request for a Paypal certificate from Let's Encrypt.

Steps to reproduce

I have set up this server recently on a new Ubuntu 16.04 VM, version 4.3.1 (Enterprise ready, no license).

Expected behavior

Just a normal setup with letsencrypt support enabled.

Observed behavior

In my syslog I saw this message this morning. The pid 30618 is the one from Mattermost ‘platform’. There are only three users on the server, almost no activity. Why would the Mattermost server request a certificate for Paypal???

Nov 2 07:44:58 office platform[30618]: 2017/11/02 07:44:58 [INFO][www.paypal.com] acme: Obtaining bundled SAN certificate
Nov 2 07:44:59 office platform[30618]: 2017/11/02 07:44:59 http: TLS handshake error from 95.85.33.89:41088: map[www.paypal.com:acme: Error 400 - urn:acme:error:rejectedIdentifier - Error creating new authz :: Policy forbids issuing for name]


#3

Interesting.

You can possibly disregard this strange phenomenon as long as it doesn’t happen regularly. I can think of two explanations for this behavior:

  1. Someone at Paypal made an error and mapped their domain to your IP address, redirecting Paypal users to your server (whoopsie).

  2. Let’s Encrypt looks at the Host or similar headers to figure out what domain it should request a certificate for. Someone could be spoofing that and attempting to access your Mattermost server.

You can ignore @MusikPolice’s answer; it doesn’t make sense.
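
A triage check for the log lines in this thread, as an added example that is not part of the original posts: it lists hostnames for which the server started an ACME request but which are outside its expected set, together with the remote peer and ACME error from the matching handshake failure. `EXPECTED_HOSTS` and the third sample log line are assumptions made for the example.

```python
import re

# Hostnames this server is supposed to serve (assumption: placeholder value).
EXPECTED_HOSTS = {"chat.example.com"}

# First two lines are the ones quoted in the question; the third is constructed.
SAMPLE_LOG = """\
Nov 2 07:44:58 office platform[30618]: 2017/11/02 07:44:58 [INFO][www.paypal.com] acme: Obtaining bundled SAN certificate
Nov 2 07:44:59 office platform[30618]: 2017/11/02 07:44:59 http: TLS handshake error from 95.85.33.89:41088: map[www.paypal.com:acme: Error 400 - urn:acme:error:rejectedIdentifier - Error creating new authz :: Policy forbids issuing for name]
Nov 2 08:00:00 office platform[30618]: 2017/11/02 08:00:00 [INFO][chat.example.com] acme: Obtaining bundled SAN certificate
"""

# "[INFO][<host>] acme: Obtaining ..." marks the start of a certificate request.
OBTAIN_RE = re.compile(r"\[INFO\]\[(?P<host>[^\]]+)\] acme: Obtaining")
# The handshake error names the remote peer, the requested host and the ACME error.
ERROR_RE = re.compile(
    r"TLS handshake error from (?P<peer>\S+): "
    r"map\[(?P<host>[^:\]]+):acme: Error \d+ - (?P<urn>\S+)"
)


def unexpected_acme_requests(log_text, expected_hosts):
    """Group ACME activity for hostnames outside expected_hosts, keyed by hostname."""
    expected = {h.lower() for h in expected_hosts}
    findings = {}

    def entry(host):
        return findings.setdefault(host, {"attempts": 0, "peers": set(), "errors": set()})

    for line in log_text.splitlines():
        obtain, error = OBTAIN_RE.search(line), ERROR_RE.search(line)
        if obtain and obtain.group("host").lower() not in expected:
            entry(obtain.group("host").lower())["attempts"] += 1
        elif error and error.group("host").lower() not in expected:
            item = entry(error.group("host").lower())
            item["peers"].add(error.group("peer").rpartition(":")[0])  # drop the port
            item["errors"].add(error.group("urn"))
    return findings


if __name__ == "__main__":
    for host, item in unexpected_acme_requests(SAMPLE_LOG, EXPECTED_HOSTS).items():
        print(host, item["attempts"], sorted(item["peers"]), sorted(item["errors"]))
```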