Help with LE Account Key

So apparently I did not understand how the LE account keys work and I was creating a new LE account key for each of the 800+ domains I was getting a cert for. :worried: Sorry for my mistake…

Since I got an error back at about halfway through those domains, I am thinking I only need one LE account key then regardless of the number of domains I get certs for. One question though… the error message I got back mentioned “too many registrations for this IP address”. Is the LE account key tied to my server’s IP address? How do I go about clearing out all the unneeded account keys from the LE server?

Thanks in advance!

That's correct. You can use one or more account keys. It doesn't matter much.

A few of the rate limits are per-account, but most of them are per-domain without regard to account, and you shouldn't hit them anyway.

An account isn't tied to an IP address. You can use any of your accounts from any IP address.

Creation of new accounts is rate limited per IP address (or netblock), as documented at the link above, but the usage of accounts themselves is not restricted.

I'm not sure you can. :confounded: You definitely don't have to. You can use one or more of your existing accounts and forget the others.

In general, you might want to check out this guide:


Hopefully all the extra unneeded accounts will expire after a period of non-use.

Accounts won't expire but you can explicitly deactivate them. If you're using Certbot, there is an "unregister" verb to use:

```
unregister:
  Options for account deactivation.

  --account ACCOUNT_ID  Account ID to use (default: None)
```

If you don't use Certbot, the client may have an option to do the same. If it doesn't, there is a utility script in the Certbot repo that can do this.


@cpu:

Thanks! We are talking about 450 account keys that I inadvertently registered that I would want to deactivate. Therefore, all the manual approaches may not really be practical. Unfortunately, Certbot really does not meet my needs, as I am dealing with a lot of user-registered domain names that point to my server.

These were created via a Perl module, Crypt::LE (I am not the module’s author).
There is no unregister method in the module.
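For a client with no unregister method, the deactivation discussed above can be built by hand. The following is an added example, not code from any post in this thread or from Certbot or Crypt::LE. It assumes an RFC 8555 (ACME v2) server and RSA account keys, and it builds and checks the signed body for one account offline. The account URL and nonce are constructed values, and the HTTPS POST (Content-Type `application/jose+json`) is left out.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

var b64 = base64.RawURLEncoding

// DeactivationJWS signs {"status":"deactivated"} with one account's own key. The
// caller supplies accountURL (from registration) and nonce (from Replay-Nonce).
func DeactivationJWS(key *rsa.PrivateKey, accountURL, nonce string) (map[string]string, error) {
	hdr, _ := json.Marshal(map[string]string{ // cannot fail for a string map
		"alg": "RS256", "kid": accountURL, "nonce": nonce, "url": accountURL,
	})
	protected := b64.EncodeToString(hdr)
	payload := b64.EncodeToString([]byte(`{"status":"deactivated"}`))
	sum := sha256.Sum256([]byte(protected + "." + payload))
	sig, err := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, sum[:])
	if err != nil {
		return nil, err
	}
	return map[string]string{"protected": protected, "payload": payload,
		"signature": b64.EncodeToString(sig)}, nil
}

// Verify checks a JWS against an account's public key, as the server would.
func Verify(pub *rsa.PublicKey, jws map[string]string) bool {
	sig, err := b64.DecodeString(jws["signature"])
	sum := sha256.Sum256([]byte(jws["protected"] + "." + jws["payload"]))
	return err == nil && rsa.VerifyPKCS1v15(pub, crypto.SHA256, sum[:], sig) == nil
}

// NewKey makes a throwaway key for this demo; real account keys are loaded from disk.
func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func main() {
	key, err := NewKey()
	if err != nil {
		panic(err)
	}
	jws, err := DeactivationJWS(key, "https://acme.example/acct/1", "constructed-nonce") // constructed values
	fmt.Println(jws, err, Verify(&key.PublicKey, jws))
}
```

Each account has to sign its own request with its own key and a fresh nonce, so a bulk cleanup is a loop over the saved key files and their account URLs.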
