How can I create a second account? Can certbot-auto even handle multiple accounts?

This is a 2 part question…

Background: I have an account and have been a happy user for over a year. Some of my domains are handled by certbot-auto; some are handled by a custom certificate manager. I am at the point where I need to create one or two additional accounts to manage a portfolio of domain names. The tl;dr is that my “personal” information is associated with the current account, and I need to partition/isolate some existing+new domains into two new “professional” portfolios that will have different sets of owners/managers/contacts.

The certbot-auto command won’t let me register a second account on the existing server. I get the following notice:

There is an existing account; registration of a duplicate account with this command is currently unsupported

I could use the ACME API to generate new accounts manually, but I don’t know how/if any of those accounts could be registered with /etc/letsencrypt/... config, or if certbot-auto could even support that.

2 Likes

I don’t have access to a certbot installation right now, but one thing you could try is running certbot register with an empty account directory (either by running it on a separate server, temporarily moving /etc/letsencrypt somewhere else, or using a different value for --config-dir), and then merging both account directories.

You’d have to add --account <account-id> to any command you run after that. (The account ID is just the name of the corresponding subdirectory in the accounts directory, IIRC.)

(Thinking about this some more, maybe using separate --config-dirs in general would be a good enough approach for the kind of isolation you’re looking for.)

Multiple config-dirs would most definitely work. I could probably manually edit everything to let them switch account keys for renewal too.

1 Like

I found something that works well enough for now:

mv /etc/letsencrypt/accounts /etc/letsencrypt/accounts.off
./certbot-auto register
mv /etc/letsencrypt/accounts.off/acme-v01.api.letsencrypt.org/directory/* /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/

Then I can invoke certbot-auto with the correct account id:

./certbot-auto certonly --standalone --account=fullHexId
1 Like
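
Added example, not part of any post above: a shell helper for the "merge both account directories" step, which refuses to overwrite an account that already exists in the destination and then lists the IDs to pass to --account. It assumes the accounts/<acme-server>/directory/<account-id>/ layout seen in the commands above; the function names are hypothetical.

```shell
#!/bin/sh
# Assumed layout (as in the thread's commands):
#   <config-dir>/accounts/<acme-server>/directory/<account-id>/

# Print "<acme-server> <account-id>" for every account under a config dir.
list_acme_accounts() {
    for d in "$1"/accounts/*/directory/*/; do
        [ -d "$d" ] || continue          # glob matched nothing
        d=${d%/}
        id=${d##*/}                      # last path component = account ID
        srv=${d%/directory/*}
        printf '%s %s\n' "${srv##*/}" "$id"
    done
}

# Copy every account from config dir SRC into config dir DST.
# An account ID already present in DST is skipped, never overwritten.
# Returns non-zero if anything was skipped.
merge_acme_accounts() {
    src=$1 dst=$2 rc=0
    for d in "$src"/accounts/*/directory/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        rel=${d#"$src"/}                 # accounts/<server>/directory/<id>
        if [ -e "$dst/$rel" ]; then
            echo "skip (already present): $rel" >&2
            rc=1
            continue
        fi
        mkdir -p "$dst/${rel%/*}"
        cp -Rp "$d" "$dst/$rel"
        # The account directory holds the account's private key:
        # keep it unreadable for group and others.
        chmod -R go-rwx "$dst/$rel"
    done
    return $rc
}
```

For example, `merge_acme_accounts /tmp/le-new /etc/letsencrypt` followed by `list_acme_accounts /etc/letsencrypt` prints one line per account (`/tmp/le-new` being a constructed path for a directory populated via `--config-dir`).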
