Delete duplicate account on server?

Hi @dchmelik,

Well, before doing anything, back up your /etc/letsencrypt/ dir, just in case:

Note: Just a warning: if you proceed to unregister your account, it doesn't matter that you can recover your files from this backup; the account will be removed from the Let's Encrypt database, so you will have lost that account. You will have all the files, of course, but that unregistered account can't be used again.

#As user root
tar zcvf /root/backup-etc_letsencrypt_2018-Nov-3.tar.gz /etc/letsencrypt/

Now you must identify the account you want to unregister. You can use this script to see which accounts are defined on your system, which renewal conf files are associated with them, and which domains are associated with every cert.

Edit a new file (I've used vi, but use the editor of your choice):

vi /root/leaccounts

Add these lines and save the file:

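#!/usr/bin/env bash
# List every ACME account, the renewal conf files that reference it,
# and the domains in each associated certificate.
for i in /etc/letsencrypt/accounts/*/; do
    [ -d "$i" ] || continue
    # Field 5 of the path is the ACME server dir (the "account type")
    accounttype=$(echo "${i%%/}" | cut -d '/' -f5)
    echo "### Account Type: ${accounttype} ###"
    echo ""
    for x in "/etc/letsencrypt/accounts/${accounttype}/directory"/*/; do
        [ -d "$x" ] || continue
        # Field 7 of the path is the account id
        accountid=$(echo "${x%%/}" | cut -d '/' -f7)
        echo "  Account ID: ${accountid}"
        # Renewal conf files that mention this account id
        certificates=$(grep -l "$accountid" /etc/letsencrypt/renewal/*.conf)
        for z in $certificates; do
            echo "    Domains associated to renewal conf file $(echo "$z" | cut -d '/' -f5)"
            certfile=$(grep 'cert =' "${z}" | cut -d ' ' -f3)
            # Extract the DNS names from the certificate's SAN list
            domains=$(openssl x509 -in "${certfile}" -noout -text | grep 'DNS:' | sed 's/^[ \t]*//;s/[ \t]*$//' | sed 's/DNS://g')
            echo "    ${domains}"
            echo ""
        done
    done
    echo ""
done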

Now add execution perms to the script:

chmod 700 /root/leaccounts

and execute it:

/root/leaccounts

Note: if you already had an acme-v01 account, certbot could have created a symbolic link to that account inside the acme-v02 accounts dir, so the script could show them as two different accounts, but they are really the same, with the same account id.

Carefully review the output to identify the account id that you want to unregister, and once identified, unregister it:

certbot unregister --account heretheaccountid

If the account id is an account for the staging environment, you must add the --staging parameter:

certbot unregister --account heretheaccountid --staging

You will be asked to confirm it because this action is irreversible.

Once done, your account will be removed and you should not be asked again to select an account. Keep in mind that this process only deletes the information inside /etc/letsencrypt/accounts/type-of-account/directory/hereyouraccountid; it doesn't remove any other dirs, certificates or renewal conf files created using this account, so you should remove those dirs/files manually (please, before deleting anything, double check that you are deleting the unused dirs, files and renewal conf files).

Cheers,
sahsanu

2 Likes
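
As an added example (not part of the post above and not certbot's own code), this dry-run helper lists the renewal conf files that still reference an account id with no directory left under accounts/, which is the manual check the last step asks for. It assumes each renewal conf carries an `account = <id>` line; the function names, sample ids and sample file names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: dry run only, nothing is deleted.

# Print the account id recorded in a renewal conf file.
# Assumption: the conf contains a line of the form "account = <id>".
renewal_account_id() {
    sed -n 's/^[[:space:]]*account[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' "$1" | head -n 1
}

# Return 0 if <id> exists under any accounts/<server>/directory/ dir.
account_exists() {
    local le_dir="$1" id="$2" d
    for d in "$le_dir"/accounts/*/directory/"$id"; do
        [ -e "$d" ] && return 0
    done
    return 1
}

# Print (one per line) renewal conf files whose account no longer exists.
orphaned_renewals() {
    local le_dir="${1:-/etc/letsencrypt}" conf id
    for conf in "$le_dir"/renewal/*.conf; do
        [ -f "$conf" ] || continue
        id=$(renewal_account_id "$conf")
        [ -n "$id" ] || continue          # no account line: skip
        account_exists "$le_dir" "$id" || printf '%s\n' "$conf"
    done
}

# Build a constructed sample tree (not real data): one account that still
# exists (aaaa1111) and one conf left behind by a removed account (bbbb2222).
make_sample_tree() {
    local root
    root=$(mktemp -d) || return 1
    mkdir -p "$root/accounts/acme-v02.api.letsencrypt.org/directory/aaaa1111" "$root/renewal"
    printf '[renewalparams]\naccount = aaaa1111\n' > "$root/renewal/live.example.conf"
    printf '[renewalparams]\naccount = bbbb2222\n' > "$root/renewal/old.example.conf"
    printf '%s\n' "$root"
}

# Demo on the constructed tree; on a real host call: orphaned_renewals
demo=$(make_sample_tree)
orphaned_renewals "$demo"
rm -rf "$demo"
```

Each reported conf file still points at live/ and archive/ directories for its certificate, so review those paths before removing anything.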