This morning I received unexpectedly an email from ra@godaddy.com that said:

Dear Secure Certificate Customer,

We have received a Certificate Signing Request for the following domain: (removed)

Our query of the Whois database returned your name as the administrator for the domain in the certificate request.

In order to verify the validity of this request and that it was submitted by the entity to which the domain in the request is registered, please signify your final approval or disapproval of the certificate request by clicking the link below.

I have not applied for a secure certificate for the domain through godaddy or anyone else. The domain is registered with fxdomains, but I have not visited the control panel for weeks or made any changes to the domain or the site.

Is this some kind of phishing attempt to get my domain registration details? I replied to the email stating the above and asking if they could provide me with details of whoever has tried to obtain a security certificate for my domain. I got a standard acknowledgement but I don't know if I will get any info out of them. What would someone gain from getting a security certificate to a domain they don't own?

I would appreciate the advice of those experienced with running websites as to what might be going on here.

Wait for their response then post it in here. Do not be in a hurry

Their response, as expected, was that they could not provide the details of who had submitted the request.

There advice was to deny the request using the link in the email that I had been wary about clicking. Then they will ask the person who made the request to contact me about it. Since I can't think of a legitimate reason why anyone should want a secure certificate for my website (I am not an organization, no one else is involved who could have applied without my knowledge) I would be very surprised if anyone does.

Yep just deny the request until the person who made it can justify themselves.
Maybe wait a couple days and see if they contact you.

It could be a sign that someone's trying to hack into your business' accounts. I would change passwords just as a precaution, though of course if they did have your password, the damage would be done by now.

Could it be possibe someone misstyped his domain name and typed yours?

It may be possible someone made a mistake if your name is similar to someone's else.

I had three more such requests since my last post. If someone mistyped the domain name they are being pretty consistent about it.

I don't do e-commerce on the site so I have never needed a secure certifcate. There is no personal information kept on it.

The strange answer from your web host here. If I were you I would change web host and ignore the emails. Looks like your web hosting is not willing to help you at all (according to their answer they dent to you).

The reply was from GoDaddy through whom someone was trying to purchase a certificate, not my web host.

By "Secure Certificate" they are referring to installing a Dedicated SSL Certificate to your website is useful as it encrypts the information that's being passed through your site, which keeps your users secure when inputting credit card information on your site.

I've never used Godaddy, so I don't know much about them myself, but I know normally with any Web Host that the user would have to login to their control panel in order to even initiate an installation of a certificate, which makes me believe that your account has been compromised.

I'd probably recommend changing any passwords associated with your account and possibly try contacting Godaddy by phone as this may be better for communicating and getting your concerns answered.

Good Luck!

Yes but my site is not hosted with GoDaddy, I don't even have an account with them.

1. Do not click any link of that mail (be aware of screamers)
2.open a free account with godaddy,and forward the full mail to support@godaddy.com and ask for clarification.They will clarify your problem.
3.We can protect ourself ,by taking proper steps and this will help others also.
4.Few days ago I had received some confirmation mail from godaddy , after contacting godaddy support I came to know that was false mail not sent by godaddy.
4.Change your account password .