Certbot — how do your registered account and certbot configuration relate?

Hi all,

I just set up my first certificate on an Amazon Linux shared host.
I used my work email to register the cert, but want to go back and reset that email to a shared sysadmins inbox that goes to myself and a handful of my coworkers.

I know I can do this with certbot register --update-registration --email newemail@example.com

But I also saw in the docs that you can set a global email in the certbot’s ini file.

Which email address will the certbot use in future requests if I create an ini file at the default checked location (/etc/letsencrypt)?

Or, more specifically, will certbot use the ini file first over my account (which uses my personal inbox) or should I still go ahead and update my registration email?

I’m primarily concerned about the cert’s renewal, wondering who will receive the expiry emails.
Thanks!
Zack

Hi @zemccartney,

The e-mail address that Let’s Encrypt uses to send reminders is always based on the one associated with the Let’s Encrypt account that requested the certificate. There is no other form of association between an e-mail address and a certificate.

So the association goes like

e-mail → account → certificate

and not like

e-mail → certificate

I’m about 95% sure that the e-mail address in cli.ini is used only when creating new accounts and not used to update existing accounts. Normally once you have an account in your Certbot configuration, a new account is only used if you switch ACME endpoints (e.g. a different ACME version or using the staging server).

So I believe the right thing to do is the --update-registration if you want the reminder e-mails to be sent to a different address in the future.

2 Likes
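
As an added example (not part of the thread and not Certbot's own code), the script below reads Certbot renewal files to show which account, and therefore which contact address, each certificate lineage depends on. It assumes the default layout, where per-certificate files live in /etc/letsencrypt/renewal/ and carry `account` and `server` under [renewalparams]; the sample file contents and account IDs are constructed.

```python
import configparser
import tempfile
from collections import defaultdict
from pathlib import Path

# Constructed sample of a Certbot renewal file (the account ID is made up).
SAMPLE_CONF = """\
# renew_before_expiry = 30 days
version = 1.32.0
archive_dir = /etc/letsencrypt/archive/example.com
cert = /etc/letsencrypt/live/example.com/cert.pem
[renewalparams]
account = 0123456789abcdef0123456789abcdef
authenticator = webroot
server = https://acme-v02.api.letsencrypt.org/directory
"""


def read_lineage(conf_path):
    """Return (lineage_name, server, account_id) for one renewal .conf file."""
    parser = configparser.ConfigParser(interpolation=None)
    # Renewal files start with section-less keys; give them a dummy section.
    parser.read_string("[top]\n" + Path(conf_path).read_text())
    params = parser["renewalparams"] if parser.has_section("renewalparams") else {}
    return (Path(conf_path).stem, params.get("server"), params.get("account"))


def certs_by_account(renewal_dir):
    """Group lineage names under the (server, account) pair that owns them."""
    groups = defaultdict(list)
    for conf in sorted(Path(renewal_dir).glob("*.conf")):
        name, server, account = read_lineage(conf)
        groups[(server, account)].append(name)
    return dict(groups)


def demo():
    """Run the grouping over the constructed sample in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "example.com.conf").write_text(SAMPLE_CONF)
        staging = SAMPLE_CONF.replace("acme-v02", "acme-staging-v02").replace("0123", "ffff", 1)
        (Path(tmp) / "test.example.com.conf").write_text(staging)
        return certs_by_account(tmp)


if __name__ == "__main__":
    for (server, account), names in demo().items():
        print(f"{account} @ {server}: {', '.join(names)}")
```

On a real host, call certs_by_account("/etc/letsencrypt/renewal") with read access to that directory; each (server, account) pair it returns is a separate registration, so a contact change has to be made for each one that still holds certificates you care about.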

Hi @schoen

Thanks for the fast response!

That’s all clear, I’ll go ahead with that. Thanks for clearing this up!

Best,
Zack

1 Like
