Security about Accounts

If I lost my old account keys, how can I delete accounts at Let's Encrypt ACME servers?
Just like, if I reinstall my operating system, or reformat my hard drive.
If I do not delete these accounts, will it cause some security issue?
I found the Community Moderator 'pfg' said in Apr 2016:

Revocation is something you do if your private key is compromised.
If you just want to stop using a certificate or account, delete them from your disk and you’re good to go.
No need to revoke anything.

But due to my English ability, I think he was talking about server certificates instead of account keys. I cannot distinguish that.
So I continue to worry about my old account keys even though they do not exist on any hard drive anywhere in the world at this moment.
And by the way, can we support GPG as a basic specification requirement?


Account keys don't really have any eternal superpower.
If the certs issued by them have expired, that account is practically useless.
Which goes for server certificates as well - expired means useless.
[unless you happen to be reusing the private key (not recommended), then you run a more long-term risk and should change the private key every time you change systems (if not more frequently)]


Welcome to the Let's Encrypt Community 🙂

The only true risk you face is someone revoking any unexpired certificates associated with the account.

Secondarily, they could change the contact email address(es) associated with the account, which would prevent you from receiving expiration notifications.


I think "lost" here is meant as "they are gone" and not as "someone else has them". I assume that due to the examples of "reinstall my operating system, or reformat my hard drive" instead of an example such as "someone stole the hard drive". Probably an English thing.

I don't really understand, can you elaborate on this?


GPG might be PGP?


Yes, GPG is just the non-commercial implementation of the same standards/protocols as the commercial PGP as far as I'm concerned (might not be entirely true). But even then, I don't understand the request.


Sorry, yes, I mean PGP; GPG is a non-commercial implementation.
I mean we use GnuPG keys.
There are 3 types of keys: S/E/A, I mean the A.
It allows our account to have an expiration time, and we can make the account unavailable by revoking the GPG key.

In fact, no matter what, I just think we need to be able to revoke account validity.

And GPG/PGP is just a way I can think of.
Just like two-way authentication in TLS.

Then, I mark this as my question's resolution.
When I asked this, I didn't know whether this account was important or not.
So I thought we need something like two-way authentication to revoke/delete our old accounts, like GnuPG keys.
But now I know.
Then you can continue to think about this.
I even think this can help reduce your servers' hard drive usage.
