I want to change my account key. How to do this with Certbot?
I don’t think that Certbot implements the Account Key Rollover procedure that would make this possible.
You could try
certbot unregister to completely abandon your account and then start again, but that’s not exactly the question you posed.
Not sure if there is a built-in way to do this in certbot…
[checking on that in a spawned process (true multi-tasking) - LOL]
CAUTION: THIS NEXT SCENE INCLUDES VIOLENCE AND MATERIALS ONLY SUITABLE FOR MATURE AUDINECES… WATCH AT YOUR OWN RISK
But if you move/remove the contents of:
Certbot would be forced to create all new account(s).
[void where prohibited. mileage may vary. see store for details. subject to local laws. not valid in all states (of mind). harmful if swallowed. seek immediate medical attention should it come in direct contact with your eyes. actor portrayal - not a real consumer.]
Back at the ranch…
certbot can only remove an account with:
[I suppose it will prompt you through the process. - I have never tried it.]
But as @_az said, that really doesn’t answer your question:
“How can I change my account key?”
There doesn’t seem to be a “change account” nor “change key” option.
- Is there an alternative client (for MacOS) which has an option to change the account key?
- Does it make sense to open a feature request against Certbot or is this already on the todo list?
I’m not aware of any public client that implements key roll-over.
I don’t think Certbot has an issue for this, so maybe you can open one. Perhaps
certbot update_account can take a
I don’t think that Certbot has such a flag ‘–key-rollover’:
certbot --help all ... update_account: Options for account modification unregister: Options for account deactivation. --account ACCOUNT_ID Account ID to use (default: None) ...
certbot --help update_account usage: certbot update_account --email firstname.lastname@example.org [options] optional arguments: -h, --help show this help message and exit -c CONFIG_FILE, --config CONFIG_FILE path to config file (default: /etc/letsencrypt/cli.ini and ~/.config/letsencrypt/cli.ini) update_account: Options for account modification -m EMAIL, --email EMAIL Email used for registration and recovery contact. Use comma to register multiple emails, ex: email@example.com,firstname.lastname@example.org. (default: Ask). --eff-email Share your e-mail address with EFF (default: None) --no-eff-email Don't share your e-mail address with EFF (default: None)