How to get account ID based on user.pub user.key files

Hello,

I’m trying to apply for an increased rate limit (we have 4,000 domain names to switch to HTTPS) and they ask me for an account ID.

I only have user.pub and user.key files (I used the Ansible letsencrypt automation, which does not expose the account ID).

I cannot find how to get my account ID based on those 2 files. Do you have an idea, please?

The generic advice is:

https://letsencrypt.org/docs/account-id/

I don’t know what precisely to do with that Ansible client.

I’ve read that documentation twice, that’s why I created a forum post.
It seems I can’t do that with Ansible Let’s Encrypt.

So I’m seeking an alternative solution to retrieve my account ID based on those 2 files without Ansible Let’s Encrypt.

Hi @tristanbes, can you send the user.pub file to me by e-mail at my forum username @eff.org? If I’m able to figure it out, I’ll follow up here.

(I’m requesting this because I’m assuming that they’re distinguishing public information from private information via the two filenames.)

Thank you, I just sent the email containing the user.pub file.

@jsha, could you please help answer this? What is the method of calculating account ID from an account public key (here a PEM-formatted RSA key)? I seem to remember it’s a hash of the public key, and the Certbot source uses

        self.id = hashlib.md5(
            self.key.key.public_key().public_bytes(
                encoding=serialization.Encoding.PEM,
                format=serialization.PublicFormat.SubjectPublicKeyInfo)
        ).hexdigest()

Is this the same account ID format that the CA will want when processing a rate limit exemption request?

(The reason for asking here is that @tristanbes’s client apparently does not expose the account ID to the user at all.)

The hash Certbot uses for the account directory name is not related to how Let’s Encrypt calculates the account URL. Let’s Encrypt assigns an increasing numeric ID to each account and creates a URL out of it. Ideally your toolset should keep track of that URL after account creation, since it will be necessary in ACMEv2. If not, the ACME protocol does provide a way to POST to the new-account URL with your existing key and get a reference to the existing account URL in return. I’m not aware of an off-the-shelf tool to do this, but it may exist!

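The lookup described in the reply above, sketched as an added example that is not part of the original thread or of any tool mentioned in it: it builds the signed new-account request that asks the server to return the existing account for a key, then reads the numeric ID out of the returned account URL. It assumes the ACME v2 (RFC 8555) `onlyReturnExisting` field, which the thread does not name, and an unencrypted PEM RSA `user.key`; the function names are hypothetical, and signing uses plain modular exponentiation to stay self-contained.

```python
import base64, hashlib, json, re

# DER DigestInfo prefix for SHA-256, from RFC 8017 section 9.2.
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(data: bytes) -> str:
    """Unpadded base64url, as JWS requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def int_b64u(value: int) -> str:
    return b64u(value.to_bytes((value.bit_length() + 7) // 8, "big"))

def key_numbers(pem: bytes):
    """(n, e, d) from a PEM RSA private key such as user.key.
    Needs the third-party 'cryptography' package; imported lazily."""
    from cryptography.hazmat.primitives.serialization import load_pem_private_key
    nums = load_pem_private_key(pem, password=None).private_numbers()
    return nums.public_numbers.n, nums.public_numbers.e, nums.d

def rs256_sign(n: int, d: int, message: bytes) -> bytes:
    """RSASSA-PKCS1-v1_5 with SHA-256 (the JWS 'RS256' algorithm)."""
    k = (n.bit_length() + 7) // 8
    t = SHA256_PREFIX + hashlib.sha256(message).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def lookup_request(n, e, d, new_account_url: str, nonce: str) -> str:
    """JWS body to POST (Content-Type: application/jose+json) to the
    directory's newAccount URL. The nonce is the Replay-Nonce header from a
    HEAD request to newNonce. onlyReturnExisting makes the server look the
    key up without ever creating an account."""
    jwk = {"e": int_b64u(e), "kty": "RSA", "n": int_b64u(n)}
    protected = b64u(json.dumps(
        {"alg": "RS256", "jwk": jwk, "nonce": nonce, "url": new_account_url}
    ).encode())
    payload = b64u(json.dumps({"onlyReturnExisting": True}).encode())
    signature = rs256_sign(n, d, f"{protected}.{payload}".encode())
    return json.dumps({"protected": protected, "payload": payload,
                       "signature": b64u(signature)})

def account_id(location: str) -> int:
    """Numeric ID from the Location header of the 200 response. Let's Encrypt
    account URLs end in /acme/acct/<id> (ACME v2) or /acme/reg/<id> (v1)."""
    match = re.search(r"/acme/(?:acct|reg)/(\d+)$", location)
    if match is None:
        raise ValueError(f"not an account URL: {location!r}")
    return int(match.group(1))
```

If no account exists for the key, an RFC 8555 server answers with a 400 error of type `accountDoesNotExist` instead of a `Location` header.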

I’ve written a tool to retrieve the account ID for ACME v1.


That’s awesome, thanks @_az!

Thanks, it works just fine.
