Concerns regarding privacy when using letsencrypt with multiple domains on same server


#1

Hi,

I have multiple websites on my server that belong to my clients. The server has multiple IPs and each client’s website has been configured to have its own IP address.

For several reasons, including privacy and other (for example for competition not knowing who my clients are, etc…) reasons, I do not want these sites to be “related” or “associated” in any way, hence individual IPs for them.

I want to use letsencrypt for many of these domains/sites but I noticed a few things that are of concern:

  1. I was only asked for an email of contact once when I installed first letsencrypt certificate. Does this email get published anywhere? Is it part of the certificate info? Can a third party obtain this email by any means?

  2. I noticed that all the renew config files have the same account id. Is this account id obtainable by third party by inspecting my certificate? In other words, is it possible for a third party to relate my domains because they all disclose the same letsencrypt account id?

  3. Is the IP address of the machine where the letsencrypt request was made from, or where the certbot is run available and part of certificate data and can a third party obtain this information?

Sorry for the lengthy post but this is very important and I would really appreciate your reply. It would also be great if this information was available in the FAQ or guide.

Thanks!

J


#2

This email isn’t public, no. You don’t need to provide one if you don’t want to either.

No, the account ID is not part of the certificate or available to a third party.

This isn’t currently made public, but it could well be, yes. It would be the IP address from which the request was made. It’s not part of the certificate data, but it could be made available as part of certificate transparency I believe.


#3

As far as I know: it isn’t published. Perhaps you can find a definitive answer in Let’s Encrypt’s privacy policy.

Definitely not.

Only if they manage to get hands on the private key of your account. Which, obviously, would be bad in any case, not just b/c of the email retrieval possibility.

No, it is not embedded into the certificate.

Not at this moment, but AFAIK there were plans to have the IP addresses published for transparency reasons. You can search this forum for some answers of actual Let’s Encrypt staff members.

If you really want to be thorough, you can have multiple Let’s Encrypt accounts and technically you could get every certificate from a different IP address. The former is quite simple: you can generate 500 accounts per IP address per 3 hours. Should be enough :wink: The latter is obviously quite a technical issue, although clients such as curl sometimes have an option to specify the source IP address with options such as --interface $source_IP_address. Whether that’s easily possible depends on the client you’re using at the moment.


#4

@Osiris @serverco Thank you very much for taking the time to reply and address my questions.

@Osiris, Looks like I have to figure out how to bind the client to an interface. When it comes to having a separate account per domain, does it mean the configuration would have to be stored in a different location and I would use flags: --config-dir, --logs-dir, and --work-dir? Currently when I try to “certbot register” it tells me that I already have an account registered.


#5

That shouldn’t be necessary. The account used is stored in the renewal configuration for the certificate.

I’m not really seeing a supported method how you can register a new account indeed.

What you might use as a workaround, is just backing up existing account(s), so the account directory is empty and get a new cert. And then put the backed up accounts back again. But I agree it’s very cumbersome.
When you have multiple accounts, certbot will ask you which account you want to use.
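
Added example, not part of the thread and not certbot's own code: a check of which certificate lineages share an ACME account, read from the `account` entry that certbot records in each renewal configuration file (the entry posts #1 and #5 refer to). The default directory `/etc/letsencrypt/renewal` is an assumption about a standard install, and the sample configuration and account id are constructed.

```python
import re
import sys
from collections import defaultdict
from pathlib import Path

SECTION = re.compile(r"^\[+\s*([^\]]+?)\s*\]+$")  # [renewalparams], [[webroot_map]]
# Constructed sample of a renewal config; the account id is a made-up value.
SAMPLE_CONF = """\
version = 1.0.0
cert = /etc/letsencrypt/live/client-a.example/cert.pem
[renewalparams]
account = 00000000000000000000000000000aaa
"""

def account_of(conf_text):
    """Return the 'account' value under [renewalparams], or None if absent."""
    section = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        key, sep, value = line.partition("=")
        if sep and section == "renewalparams" and key.strip() == "account":
            return value.strip()
    return None

def lineages_by_account(renewal_dir):
    """Map account id -> lineage names for every *.conf file in renewal_dir."""
    groups = defaultdict(list)
    for conf in sorted(Path(renewal_dir).glob("*.conf")):
        account = account_of(conf.read_text(encoding="utf-8"))
        groups[account or "<none recorded>"].append(conf.stem)
    return dict(groups)

def shared_accounts(groups):
    """Accounts that more than one lineage was issued under."""
    return {acct: names for acct, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    # Assumed default: certbot's standard config dir; pass another as argv[1].
    root = sys.argv[1] if len(sys.argv) > 1 else "/etc/letsencrypt/renewal"
    for acct, names in shared_accounts(lineages_by_account(root)).items():
        print(f"account {acct} is shared by: {', '.join(names)}")
```

An empty result means every lineage in the directory was issued under its own account.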

