This question is not about a certificate, but rather about my account.
Sorry if I seem dumb or naive.
Starting from the bottom, I impulsively unsubscribed from expiration emails on one server,
but I would still like to get them for another server. I read in documentation,
"you can't resubscribe, but if you change your email, it effectively does it".
I'm not even sure which email got that now-deleted expiration notice, and which email might
be getting notices for the other server.
Is a Letsencrypt account the same as the one for this forum?
The certbot help refers to "ACME account". This is confusing.
Is there a way to find out what I've got?
Is this all done from the servers where the certificates are, or via websites?
There is the command
certbot update_account --email yourname+1@example.com
But I don't see anything about "tell me about my account".
They are not related.
[you might have used the same email address - I don't]
Not that I have ever heard of.
When you run certbot it will try to reuse the present account.
[if one doesn't exist (first run), one is created]
Let me add some examples that might help explain the cert email address situation:
The same certbot can manage multiple certs - each with their own "admin" and related email address.
The "same cert" can be individually created on two separate systems - each knowing nothing about the other (with individual accounts). And those servers can be managed by two different admins that prefer individual email addresses (and do so without any problem - AFAIK).
While certbot doesn't have an "external" command or option to view it, it does get returned by the ACME server and certbot does log it in its log at /var/log/letsencrypt/letsencrypt.log. Look for a line looking like:
Where ${acme_server_URL} and ${your_account_hash} are of course the corresponding URL and hashes on your server.
So it might not be retreived from the ACME server, but perhaps its just stored locally and fetched from the above file into the log.. Although I know that the ACME server can also return the e-mail address associated with an account.
So, that answered my question, but, while I suppose there good reasons for all this complexity,
I find this whole process rather daunting, to say the least.
Probably not. I think it's just something usually nobody is interested in, so the developers never put in any effort to build a feature that will return the accounts email address.
I've written a quick 'n dirty addition to certbot to retrieve and show the contact information available on the ACME server associated with a certain account:
I'm not sure how you've installed certbot on your host, but perhaps you or other users finding this thread might find it useful. Python is a interpreted high-level programming language, so it should be possible to just apply these modifications to the Python files of certbot on your disk. However, updating certbot would remove these modifications obviously, so it would be just temporary. (Note: if you're using "snap" to install certbot, I'm not sure if you can easily modify the contents of the certbot snap..)
Also note that my mod makes use of the already existing function query_registration() of the ACME library. Certbot just doesn't use that function anywhere currently, except for the mod above.
Maybe this can be used to easily update existing certbot files on a host? I was able to patch my servers certbot by doing:
First find the certbot location by searching for a rather certbot specific file:
server ~ # locate cli_constants.py
/usr/lib/python3.8/site-packages/certbot/_internal/cli/cli_constants.py
/usr/lib/python3.9/site-packages/certbot/_internal/cli/cli_constants.py
server ~ #
My server has Python 3.8 as wel as Python 3.9 installed. Python 3.9 is used by default, so I'm going to patch that one:
server ~ # cd /tmp
server tmp # wget https://github.com/certbot/certbot/commit/8bbf971b55e10eb9eb5243378d22072ee0ff5e7b.patch
server tmp # cd /usr/lib/python3.9/site-packages/certbot
server certbot # patch -s -p3 </tmp/8bbf971b55e10eb9eb5243378d22072ee0ff5e7b.patch
The option -p3 is necessary on my system, other values might be required on others, although I don't think so..
server tmp # cd /usr/lib/python3.9/site-packages/certbot
server certbot # patch -s -p3 </tmp/8bbf971b55e10eb9eb5243378d22072ee0ff5e7b.patch
server certbot # certbot fetch_account
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Phone number associated with account: none
Email address associated with account: redacted@example.com
server certbot #
@Osiris
That would be useful if included in the standard release, but for me, it is not worth the time and effort of doing, and maintaining, a patch for something not used very often.
(Even more so in a language I'd have to start learning to do it.)
I appreciate the assistance I have received here, and thank you for going the extra mile on my behalf.
I've asked the certbot team if they're interested, although I'm hesitant to put up with maintaining the PR for months and months on end (as the certbot team is rather small, they often don't have time to review PRs that are not critical).
If this shows your account URL, once this is released it might be nice to also update the Finding Account IDs documentation page to suggest just running this show_account command rather than suggesting spelunking through the account configuration JSON files.