Is registration email address stored in certificate or elsewhere?

I'm using letsencrypt in two ways: a docker stack using certbot directly, and another using traefik (which performs certificate management automatically, using lego). In both cases there's a setting for the registration email address.

Is that email address stored in the certificate, or elsewhere? And can anyone (other than letsencrypt) discover that email address?

Hi @lonix1
Your email address is NOT stored in the certificate.

6 Likes
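A way to check the answer above against a certificate of your own, as an added example that is not part of the original thread: the scanner walks the certificate's DER encoding and reports the two places X.509 can carry an email address, an emailAddress attribute in a distinguished name or an rfc822Name entry in subjectAltName. The function names (`email_fields`, `sample_cert`) and both sample certificates are constructed for illustration; the samples are unsigned and only certificate-shaped.

```python
EMAIL_ATTR = bytes.fromhex("2a864886f70d010901")  # OID 1.2.840.113549.1.9.1, emailAddress in a DN
SAN_EXT = bytes.fromhex("551d11")                 # OID 2.5.29.17, subjectAltName extension

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (assumes well-formed DER)."""
    pos = 0
    while pos < len(buf):
        tag, length = buf[pos], buf[pos + 1]
        pos += 2
        if length & 0x80:                          # long-form length
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        yield tag, buf[pos:pos + length]
        pos += length

def email_fields(der):
    """Return [(where, address)] for every email-bearing field in a DER certificate."""
    found = []
    def walk(buf):
        items = list(tlvs(buf))
        if items and items[0][0] == 0x06:          # element body starting with an OID
            if items[0][1] == EMAIL_ATTR and len(items) > 1:
                found.append(("dn", items[1][1].decode("ascii", "replace")))
            elif items[0][1] == SAN_EXT:
                for _, names in tlvs(items[-1][1]):    # OCTET STRING wraps GeneralNames
                    found.extend(("san", v.decode("ascii", "replace"))
                                 for t, v in tlvs(names) if t == 0x81)  # [1] rfc822Name
        for tag, value in items:
            if tag & 0x20:                         # constructed element: descend
                walk(value)
    walk(der)
    return found

def tlv(tag, body):
    """Encode one short DER element; used only to build the constructed samples."""
    return bytes([tag, len(body)]) + body

def sample_cert(san_names, subject_email=None):
    """Constructed, unsigned, certificate-shaped DER with a subject and a SAN extension."""
    rdns = tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x0C, b"example.test")))
    if subject_email:
        rdns += tlv(0x31, tlv(0x30, tlv(0x06, EMAIL_ATTR) + tlv(0x16, subject_email)))
    ext = tlv(0x30, tlv(0x06, SAN_EXT) + tlv(0x04, tlv(0x30, san_names)))
    return tlv(0x30, tlv(0x30, tlv(0x30, rdns) + tlv(0xA3, tlv(0x30, ext))))

DNS_ONLY = sample_cert(tlv(0x82, b"example.test"))   # constructed: DNS names only
WITH_EMAIL = sample_cert(tlv(0x82, b"example.test") + tlv(0x81, b"admin@example.test"),
                         b"admin@example.test")      # constructed counter-example
```

To scan a real certificate, pass its DER bytes, for example `ssl.PEM_cert_to_DER_cert(open("cert.pem").read())` for a PEM file holding a single certificate; an empty result means no email-bearing field was found.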

Thank you Rip!

So the only ones who know that (very powerful) email address are me, and letsencrypt?

I also can't find it in transparency logs, or some other weird place? (Sorry, I'm not an expert in these things.)

2 Likes

Yes.

The correlation of email to account/domains only exists in two places:

1- LetsEncrypt's database, which associates an Email Address to an Account ID. LetsEncrypt staff can pull this info themselves. You can pull this info yourself by presenting LetsEncrypt with the current AccountKey, which happens under secure https connections. No third party can access this information from LetsEncrypt. Intercepting this information during an API call would require a MITM or other attack.

2- If LetsEncrypt sends an expiry email, that email may be relayed to you by trusted third parties. It is possible, but incredibly unlikely, that (i) LetsEncrypt's email service providers or (ii) your email service provider, are mining this information from the emails they relay and store.

8 Likes

Your email address is only used by LetsEncrypt to inform you of a pending expiration, or the like. No one sees it here or anywhere else that you haven't published it openly.
I can message you here, but your email is not published at all. Rest easy.

8 Likes

Thank you both! I appreciate your help.

5 Likes

I just gave the "Cliff Notes"! Your explanation was exquisite!

7 Likes
