Determine which account certbot is using

My domain is: perception-staging3.kanjoya.com (this is one of the domains)

I ran this command: trying to find the command to run

It produced this output: none yet

My web server is (include version): centos 7

The operating system my web server runs on is (include version): centos 7

My hosting provider, if applicable, is: N/A

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.36.0

I inherited multiple certificates generated using let’s encrypt. I accidentally unsubscribed from the emails and now am trying to resubscribe using “certbot update_account -m new_email@host.com”. I found multiple let’s encrypt accounts.

How can I determine which account certbot is using? How can I make sure that is the same account that I used to receive emails from?

Thank you,
-Ryan

Each certificate that is under management by Certbot will have the account identifier listed in its renewal parameters file:

/etc/letsencrypt/renewal/example.com.conf

For example, it will look like:

account = d3b07384d113edec49eaa6238ad5ff00

This identifier correlates to the account directory in /etc/letsencrypt/accounts/. For example:

/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/d3b07384d113edec49eaa6238ad5ff00/

You can then pass --server https://acme-v02.api.letsencrypt.org/directory --account d3b07384d113edec49eaa6238ad5ff00 to update_account to update it specifically.

I don’t think there’s a way. Perhaps updating all of the accounts that are in use by your certificate renewal parameters is the way to go.

1 Like

Will all of the certificates managed by the account be listed under the [[webroot_map]] section of the /etc/letsencrypt/renewal/example.com.conf file?

Thank you for the certbot parameters for updating the specific account.

Each file in /etc/letsencrypt/renewal corresponds to one certificate. If you used --webroot to obtain that certificate and specified a distinctive webroot path for each domain (which isn’t a requirement!), all of the domains would be listed in [[webroot_map]]. But in the general case, you could find out what the domains covered by the various certificates are by running certbot certificates (they’re not guaranteed to be listed in /etc/letsencrypt/renewal configuration files at all, because Certbot always gets its list of domain names to renew by parsing the current version of the certificate on disk; the /etc/letsencrypt/renewal file is more about “how” than about “what”).

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.