Does Account Key has expires?

Does Account Key has expires ?

If an account key have not sent request to LetsEncrypt for a long time, for example 1 year,

does LetsEncrypt will delete this account data or disable this account ?

3 Likes

I don't think so. Or at least, I don't see any documentation that they would, and I think they'd want to keep the account keys on file (to keep them from being also used as certificate keys) so I don't think deleting them would actually help them out much. It's probably not much space compared to what they need to store for orders and authorizations and such, so there's probably not a lot of value in putting together some process to delete it. That's just a guess on my part, though.

3 Likes

Yeah, it make sense.

3 Likes

The ACME protocol does not specify whether or not account keys can or should expire. Your client should not make an assumption either way -- if it tries to reuse an account key and finds that it has been deactivated for some reason, it should generate a new account key.

6 Likes

Thanks @aarongable for the update.

1 Like