I'm in the process to migrate to certbot as the acme client and intende to run it in certonly mode.
Upon reading the man page/ help output I stumbled over the --register-unsafely-without-email flag for which the help states:
--register-unsafely-without-email Specifying this flag enables registering an account with no email address. This is strongly discouraged, because in the event of key loss or account compromise you will irrevocably lose access to your account. You will also be unable to receive notice about impending expiration or revocation of your certificates. Updates to the Subscriber Agreement will still affect you, and will be effective 14 days after posting an update to the web site. (default: False)
Unfortunately this help text only partly explains its implications.
I was wondering: What's the broader picture here? It states that I could lose access to my account, but which account? What does the account allow me to do and what are the implications of losing it? Can't I just create a new one? Will I still be able to create certificates for a domain used by a previous account in this case?
I think my current client is just running it without an email, but since this is
strongly discouraged I wished that the help text was giving more details about the account part.
Thank you very much.