Certbot - How to change the account key?

toc-rox · January 29, 2019, 9:47am

I want to change my account key. How to do this with Certbot?

_az · January 29, 2019, 9:53am

I don’t think that Certbot implements the Account Key Rollover procedure that would make this possible.

You could try certbot unregister to completely abandon your account and then start again, but that’s not exactly the question you posed.

rg305 · January 29, 2019, 5:24pm

Not sure if there is a built-in way to do this in certbot…
[checking on that in a spawned process (true multi-tasking) - LOL]

CAUTION: THIS NEXT SCENE INCLUDES VIOLENCE AND MATERIALS ONLY SUITABLE FOR MATURE AUDINECES… WATCH AT YOUR OWN RISK

But if you move/remove the contents of:
/etc/letsencrypt/account/acme-v01.api.lestsencrypt.org/directory
/etc/letsencrypt/account/acme-v02.api.lestsencrypt.org/directory
Certbot would be forced to create all new account(s).

[void where prohibited. mileage may vary. see store for details. subject to local laws. not valid in all states (of mind). harmful if swallowed. seek immediate medical attention should it come in direct contact with your eyes. actor portrayal - not a real consumer.]

Back at the ranch…
It seems certbot can only remove an account with:
certbot unregister
[I suppose it will prompt you through the process. - I have never tried it.]

But as @_az said, that really doesn’t answer your question:
“How can I change my account key?”
There doesn’t seem to be a “change account” nor “change key” option.

toc-rox · January 30, 2019, 8:58am

Questions:

Is there an alternative client (for MacOS) which has an option to change the account key?
Does it make sense to open a feature request against Certbot or is this already on the todo list?

_az · January 30, 2019, 9:08am

I'm not aware of any public client that implements key roll-over.

I don't think Certbot has an issue for this, so maybe you can open one. Perhaps certbot update_account can take a --key-rollover flag?

toc-rox · January 31, 2019, 6:46am

I don't think that Certbot has such a flag '--key-rollover':

certbot --help all
...
update_account:
  Options for account modification

unregister:
  Options for account deactivation.

  --account ACCOUNT_ID  Account ID to use (default: None)
...

certbot --help update_account
usage: 

  certbot update_account --email updated_email@example.com [options]

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG_FILE, --config CONFIG_FILE
                        path to config file (default: /etc/letsencrypt/cli.ini
                        and ~/.config/letsencrypt/cli.ini)

update_account:
  Options for account modification

  -m EMAIL, --email EMAIL
                        Email used for registration and recovery contact. Use
                        comma to register multiple emails, ex:
                        u1@example.com,u2@example.com. (default: Ask).
  --eff-email           Share your e-mail address with EFF (default: None)
  --no-eff-email        Don't share your e-mail address with EFF (default:
                        None)

system · March 2, 2019, 6:46am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Migrating account from certbot to Google Acme? Help	5	2207	January 29, 2017
Migrate certbot account from v1 to v2 Help	1	1179	May 31, 2018
How to update account certbot to acme.sh Help	2	914	August 13, 2021
Account keys info Client dev	3	1332	October 15, 2019
How do I replace my account key (private_key.json)? Help	4	3521	February 6, 2017

Certbot - How to change the account key?

Related topics