I have multiple websites on my server that belong to my clients. The server has multiple IPs and each client’s website has been configured to have it’s own IP address.
For several reasons, including privacy and other (for example for competition not knowing who my clients are, etc…) reasons, I do not want these sites to be “related” or “associated” in any way, hence individual IPs for them.
I want to use letsencrypt for many of these domains/sites but I noticed a few things that are of concern:
I was only asked for an email of contact once when I installed first letsencrypt certificate. Does this email get published anywhere? Is it part of the certificate info? Can a third party obtain this email by any means?
I noticed that all the renew config files have same account id. Is this account id obtainable by third party by inspecting my certificate? In other words, is it possible for a third party to relate my domains because they all disclose the same letsencrypt account id?
Is the IP address of the machine where the letsencrypt request was made from, or where the certobot is run available and part of certificate data and can a third party obtain this information?
Sorry for the lengthy post but this is very important and I would really appreciate your reply. It would also be great if this information was available in the FAQ or guide.