Does the "account" matter?


#1

Hi,

in /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/ there is an account that has the e-mail address that I provided for my first domain. I didn’t want the second domain (belonging to someone else) to somehow share an account, so I moved the accounts folder, in order to create a new account.

Do accounts matter? Can I just use one account for hundreds of domains, belonging to hundreds of people, as long as I pass on the right email address? What happens when I “lose” my account (key)?

Thanks


#2

You can specify the email address as a parameter to letsencrypt if you want to, although I think it’s only used to alert you about when the cert is going to expire - no other connection, so if you are installing the certs it may be useful for you to get them all.


#3

hmm okay. So accounts are kind of “useless”?


#4

I believe the primary purpose of accounts will be for “proof of possession” features which are not yet implemented. Each account has an account key, and you will have to have that key to request renewal certificates. Thats just a very basic explanation, so i believe there is some nuance to it and other purposes.

At the moment however, proof of possession is not yet implemented. So at the moment, yes, they seem to be useless.


#5

I believe accounts also store temporary validation, it assumes you will still own the domain in nine months and doesn’t actually revalidate every time. Searching for references.


#6

What is the difference between renewal certificates and… the other ones? I thought it created a new private key and issue a new certificate either way.