We're using letsencrypt in quite a lot of servers in our production and development infrastructure.
When I installed in every server the certbot client, used the systems@mycompany.com email as email. The same one everywhere.
Now I want to change that email to jira@mycompany.atlassian.com so every time a renewal event happens, we get a ticket opened.
I changed it 2 days ago in one server:
# certbot update_account --email jira@mycompany.atlassian.com --no-eff-email
Saving debug log to /var/log/letsencrypt/letsencrypt.log
IMPORTANT NOTES:
- Your e-mail address was updated to jira@mycompany.atlassian.com. (edited)
But today, I have just received a renewal message in the systems@mycompany.com account regarding a renewal notification from a different server.
So my question is: do I need to perform the "certbot update_account" command in every single server?
The email address used is coupled to the account used. So if you have X Certbot instances with X accounts, then you will have to update the email address X times.
If you have shared a single account among the Certbot instances, then updating the email address just once would suffice.
The email address used when setting up the accounts doesn't matter. An account is identified by its public/private account keypair.
If you did not share the same account among all your Certbot instances, you probably have all separate accounts all requiring separate updating of the email address.
You might want to consider using a single account, but that would require manually migrating a single account to the other Certbot instances. Certbot does not have some kind of "import and export accounts" feature.