Does Account Key has expires?

test_mail_new · December 16, 2020, 2:27am

Does Account Key has expires ?

If an account key have not sent request to LetsEncrypt for a long time, for example 1 year,

does LetsEncrypt will delete this account data or disable this account ?

petercooperjr · December 16, 2020, 3:16am

I don't think so. Or at least, I don't see any documentation that they would, and I think they'd want to keep the account keys on file (to keep them from being also used as certificate keys) so I don't think deleting them would actually help them out much. It's probably not much space compared to what they need to store for orders and authorizations and such, so there's probably not a lot of value in putting together some process to delete it. That's just a guess on my part, though.

test_mail_new · December 16, 2020, 3:19am

Yeah, it make sense.

aarongable · December 31, 2020, 7:09am

The ACME protocol does not specify whether or not account keys can or should expire. Your client should not make an assumption either way -- if it tries to reuse an account key and finds that it has been deactivated for some reason, it should generate a new account key.

Rip · December 31, 2020, 6:30pm

Thanks @aarongable for the update.

system · January 30, 2021, 6:30pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.