I have two questions for which I was unable to find answers:
- Let’s Encrypt issues certificates from the “Let’s Encrypt Authority X3” intermediary. The meaning of “3” is clear both from context and the CPS as being a monotonically increasing number for each version of the certificate.
However, what’s the meaning of the “X”?
In other CAs, I often see “G” being used to distinguish different “generations” of roots/intermediates (e.g. “G2”, “G3”, etc.), but Let’s Encrypt is the only CA I’ve seen to use “X” and I was curious as to why.
- When running an ACME client (so far I’ve used certbot and dehydrated) for the first time, a new account key is generated to register with Let’s Encrypt and sign requests to the ACME server. One can optionally include an email address to get expiry notifications. All well and good.
However, is there any problem with a single individual having multiple registrations – particularly ones without email addresses? I ask because I’ve deployed Let’s Encrypt certificates on several systems and each one generates a new key and registers separately and I don’t want to inadvertently violate a policy.