Anonymous Registrations


#1

I noticed that Anonymous Registrations are listed separately at https://letsencrypt.org/stats/

In my simple letsencrypt windows client I’m not even asking for a email address to send over with the registration.

My question is, how important is that? Is there anything on the server that will be mailing the registered user if a renewal starts failing for instance?


#2

you’d want email registered for renewal notifications at expiry time (30 days out from expiry)


#3

So ACME server will send out emails if a cert expires?


#4

i believe that is the plan … @bmw @jsha @jcjones ?


#5

In our official client, we strongly encourage people to provide an email address. There are a few reasons:

  1. We’ll send notifications of expiring certificates, so people can make sure to update them.
  2. When we update the Subscriber Agreement, we will provide notification only to people who provided an email address.
  3. In the future, we may implement the Proof of Posession challenges listed in the ACME spec, which may mean that it important to be able to recover access to your account if you lose the key. Account recovery will be done via email.

So I would strongly encourage you to do the same, and request an email from people using your client. However, yes, we do support anonymous registrations, and we don’t have any terms requiring that clients request an email address. Our goal is that people can choose not to provide an email address, but we ideally want that to be an informed and intentional choice.

Thanks,
Jacob


#6

cheers @jsha didn’t know about the 3rd reason :slight_smile:


#7

Okay. I’ve added an email prompt to my client in the latest release.


#8

yup probably best, my integration also is scripted to require an email address too for above outlined reasons :slight_smile: