How to use multiple accounts with Certbot?


#1

Is it possible to use multiple accounts with Certbot?


#2

Hi @toc-rox

yes, it’s possible. There are users with screenshots.

Certbot asks, which account should be used.

And there is an

 --account ACCOUNT_ID

you can use.


#3

You mean multiple accounts against a single ACME server, right?

Certbot does support this, but only partially. If you copy multiple account directories into /etc/letsencrypt/accounts/{server}/directory (say, from different servers), then Certbot will prompt you to choose one, when using that ACME server.

You can also specify --account xxxxx, where the value is the name of the directory for that account.

However, I don’t think Certbot allows you to actually create multiple accounts against a single ACME server. The register command complains:

There is an existing account; registration of a duplicate account with this command is currently unsupported.


#4

Yes, that’s right … and thanks for the responses so far.


#5

Can you explain the use case for having/using multiple accounts on the same system?

I’m trying to think of ways to force it…
But wondering why?
What is to be gained?

Since, they are FREE to get and are basically “disposable”.
And even email communications can be tied to specific domains (so even one account can still serve many email recipients - like from an HSP perspective).


#6

Do you have multiple mail addresses? If yes, why? A typical answer will be: Just to separate things.

BTW: It seems that Certbot doesn’t really support separation. Certbot is a very complex application … too complex in my eyes. It has two basic problems: Certbot has to be backwards compatible and isn’t able to loose wait. And on the other hand it seems a bit “over-engineered” (autoload, plugins, …). I wonder how a version 1.0.0 will look like.


#7

Multiple mail addresses and multiple accounts are different things.
I think certbot can do multiple email addresses within the same account.
So… do you really need multiple accounts or just more than one email address per account (like to have a specific email addresses linked to a specific cert)?