Hi @dchmelik,
Well, before doing anything, backup your /etc/letsencrypt/
dir, just in case:
Note: Just a warning, if you proceed to unregister your account, doesn't matter that you recover your files from this backup, the account would be removed from Let's Encrypt Database so you will have lost that account, you will have all the files of course but that unregistered account can't be used again.
#As user root
tar zcvf /root/backup-etc_letsencrypt_2018-Nov-3.tar.gz /etc/letsencrypt/
Now you must identify the account you want to unregister, you can use this script to know what accounts are defined in your system, what renewal conf are associated to them and what are the domains associated to every cert.
Edit a new file (I've used vi but use the editor of your choice)
vi /root/leaccounts
Add these lines and save the file:
#!/usr/bin/env bash
for i in $(ls -d /etc/letsencrypt/accounts/*/);do
accounttype=$(echo ${i%%/} | cut -d '/' -f5)
echo "### Account Type: ${accounttype} ###"
echo ""
for x in $(ls -d /etc/letsencrypt/accounts/${accounttype}/directory/*/);do
accountid=$(echo ${x%%/} | cut -d '/' -f7)
echo " Account ID: ${accountid}"
certificates=$(grep -l "$accountid" /etc/letsencrypt/renewal/*.conf)
for z in $certificates;do
echo " Domains associated to renewal conf file $(echo "$z" | cut -d '/' -f5)"
certfile=$(grep 'cert =' ${z} | cut -d ' ' -f3)
domains=$(openssl x509 -in ${certfile} -noout -text | grep 'DNS:' | sed 's/^[ \t]*//;s/[ \t]*$//' | sed 's/DNS://g')
echo " ${domains}"
echo ""
done
done
echo ""
done
Now add execution perms to the script:
chmod 700 leaccounts
and execute it
/root/leaccounts
Note: if you already had an acme-v01 account, certbot could have create a symbolic link to that account inside acme-v02 accounts dir so the script could show them as two different accounts but they are really the same with the same account id.
Review carefully the output to identify what is the account id that you want to unregister, and once identified unregister it:
certbot unregister --account heretheaccountid
If the account id is an account for staging environment, you must add the --staging
parameter:
certbot unregister --account heretheaccountid --staging
You would be asked to confirm it because this action is irreversible.
Once done your account will be removed and you should not be asked again to select an account but keep in mind that this process only deletes the information inside /etc/letsencrypt/accounts/type-of-account/directory/hereyouraccountid
but it doesn't remove any other dir, certificates, renewal conf files created using this account so you should remove those dirs/files manually (please, before delete anything you should double check that you are deleting the unused dirs, files and renewal conf files).
Cheers,
sahsanu