Renewal of Certificate but Lost Access to Account


#1

My domain is: F1.SUPATREATS.COM

We want to renew the certificate for “fs1.supatreats.com”. We understand that in order for us to renew the certificate we have to log in to the Let’s Encrypt account. However, the person who was handling our Let’s Encrypt account is no longer with us and the email account is no longer in use. We have no way of recovering the access to the account.

What are our options to get access to the account and eventually renew the certificate?

Regards,
Ram


#2

Hi @ramises

It’s simple: create a new account. For that you need a Let’s Encrypt client.

Check your web server to see if there is a client like Certbot.

If yes, perhaps you can reuse that account, because the public and private key may be stored there.

Directories:

default: /etc/letsencrypt

and others.


#3

By the way, this isn’t a login process involving a web browser or a username and password. Usually, if you’re running a Let’s Encrypt client on a web server, the account is authenticated using an encryption key that the client generates and saves somewhere. As @JuergenAuer suggested, if you still have access to the server, there may be a client application that may contain these credentials.

But also, Let’s Encrypt determines eligibility to issue certificates based on control over DNS records, not based on the Let’s Encrypt account. If the old account can’t prove its control of the site, then it can’t renew. If the new account can prove its control of the site, then it can renew. That’s why you can also just create a new account if necessary.

In general, Let’s Encrypt accounts are not very important for most purposes. They are created automatically by client applications and they don’t have long-lasting (or exclusive) power to reissue certificates. There are some limits on duplicate accounts, but the limits are very high and most people would never be anywhere near reaching them except as a consequence of a misbehaving automated script.


#4

Thank you both! I’ll work with our server guys. 🙂


#5

Also… If you do find the old account data, you can change the email address without having access to the old one.

However, some ACME clients may not support changing email addresses.
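
The replies above suggest checking the server for saved account credentials under /etc/letsencrypt. The following is an added example, not part of the original thread or of any client's own code: it inventories saved ACME account keys and flags any key file readable by group or others. The `accounts/<server>/directory/<account-id>/` layout and the `meta.json`, `private_key.json` and `regr.json` file names are assumed from Certbot's usual layout, and the function names are hypothetical.

```python
import json
import stat
from pathlib import Path

# Assumed layout (Certbot's usual one, not stated in the thread):
#   <config_dir>/accounts/<acme-server>/directory/<account-id>/
#       meta.json  private_key.json  regr.json

def _load(path):
    """Parse a JSON file; return {} if it is missing, unreadable or malformed."""
    try:
        data = json.loads(Path(path).read_text())
    except (OSError, ValueError):
        return {}
    return data if isinstance(data, dict) else {}

def find_acme_accounts(config_dir="/etc/letsencrypt"):
    """Return one record per saved ACME account key found under config_dir."""
    accounts_root = Path(config_dir) / "accounts"
    if not accounts_root.is_dir():
        return []
    found = []
    for key_file in sorted(accounts_root.rglob("private_key.json")):
        acct_dir = key_file.parent
        parts = acct_dir.relative_to(accounts_root).parts
        mode = stat.S_IMODE(key_file.stat().st_mode)
        found.append({
            "account_id": acct_dir.name,
            "server": parts[0] if parts else None,
            # Account URL the CA assigned at registration, if recorded.
            "account_url": _load(acct_dir / "regr.json").get("uri"),
            "created": _load(acct_dir / "meta.json").get("creation_dt"),
            # Report only the key type; the key material is never printed.
            "key_type": _load(key_file).get("kty"),
            "key_mode": oct(mode),
            # The key is the account credential: flag group/other access.
            "key_exposed": bool(mode & 0o077),
        })
    return found

if __name__ == "__main__":
    for account in find_acme_accounts():
        print(account)
```

Run it as root on the web server, since the accounts directory is typically readable only by root. If an account turns up, `certbot update_account --email` is Certbot's subcommand for changing its contact address.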

