Solved : Use V1 account registration info with V2? Convert registration data: cpanel-letsencrypt to Certbot!


We have a rate limit increase for a V1 account. We wish to start running V2 for new domains, keeping our existing domains using V1.

Can I reuse the account registration data used for V1 with V2? If this can work, how do I place the private key into the registration files for V2?


Do I need to request a rate limit increase for a new account?

We were using the provided package from cPanel cpanel-letsencrypt (V1).
Now we wish to use Certbot (V2).

I have checked the files that store the keys\registration data and they do not seem to have the same keys/values.
V1: located at /root/.cpanel/
Contains:
{"key":{"kty":"RSA","n":"xxxxxxx","e":"AQAB"},"agreement":"","contact":[],"private_key_pem":"-----BEGIN RSA PRIVATE KEY-----\xxxxx-----END RSA PRIVATE KEY-----","uri":""}

V2: located at /etc/letsencrypt/accounts/
Contains 3 files:

{"creation_host": "", "creation_dt": "timestamp"}

{"n": "xxxxxxxxxx", "kty": "RSA", "e": "AQAB", "p": "xxxxxxxxxxxxxx", "qi": "xxxxxxxxxxxx", "dp": "xxxxxxxxxxxxxxxxxxxx", "d": "xxxxxxxxxxxxxxxxx", "dq": "xxxxxxxxxx"}

{"uri": "", "body": {}}

I have been searching for information about this and did not find much.

Any information on this would be appreciated.


Stephan S.

Importing your existing cpanel-letsencrypt account key to Certbot is likely to be challenging. I don't think there is very good support for this and I suspect you'll be left manually converting between the two serialization formats and trying to fiddle with Certbot's state behind its back.

I think the most straightforward path is for you to request a new rate limit increase for the new account, matching the old account (plus a sensible override for the new-orders rate limit specific to ACMEv2).

@jple - Do you agree with the above?

It seems that Certbot is storing the key in JSON Web Key (JWK) format, whereas cpanel-letsencrypt is storing it partly in JWK and the private key in PEM format.

Does anyone know how I can convert my private_key_pem to JWK?

The conversion can be done by using a JOSE library in your choice of language or reading the JSON Web Algorithms standard. Both ECDSA and RSA private key formats are described there.

You can use something like e.g. (assuming cpanel-letsencrypt uses RSA account keys). Just don’t put your key in that playground.

Thank you all for your help. It seems to be working now. Here is what I have done:

  1. Download and run jose.phar (on a Linux box) to convert my private key that was taken from /root/.cpanel/ from key "private_key_pem".
    curl -OL
    curl -OL
    ./jose.phar key:load:key key.pem

  2. Take the output from the conversion and paste it into my /etc/letsencrypt/accounts/

  3. Update my ACME id in /etc/letsencrypt/accounts/

  4. I tried to generate a certificate at this point. It worked, well partly. I found that it had just created a new registration due to the following error found in the log /var/log/letsencrypt/:
    certbot.errors.AccountStorageError: Account ids mismatch (expected: xxxxxxxxx-newdir-xxxxxxxx, found: xxxxxxx-olddir-xxxxxxxxxxxxxx

After some googling and stumbling upon this: Account ids mismatch. I then renamed the old directory name to the expected value in the log and deleted the new account directory that was created.

Now it seems to be working. I have certificates being generated and no new accounts being created.

I hope this helps someone.

If I have any issues I will come back here to post updates.

Thanks again!
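
The PEM-to-JWK conversion from step 1 above, as an added example that is not part of the original posts and is not cpanel-letsencrypt's or Certbot's own code: a standard-library Python parser for a PKCS#1 `private_key_pem` that emits the RSA JWK fields listed in the question. The key and registration JSON are constructed toy values, and all function and constant names are hypothetical.

```python
import base64, json

FIELDS = ("n", "e", "d", "p", "q", "dp", "dq", "qi")  # PKCS#1 order after version

# Constructed toy RSA key (p=211, q=223) as PKCS#1 DER. Far too small to be secure.
SAMPLE_DER = bytes.fromhex("3023020100020300b7cd02011102030095f9"
                           "020200d3020200df020200ad020200d1020158")
SAMPLE_PEM = ("-----BEGIN RSA PRIVATE KEY-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END RSA PRIVATE KEY-----\n")
# Constructed stand-in for the cpanel-letsencrypt registration JSON in the post.
SAMPLE_REGISTRATION = json.dumps({"private_key_pem": SAMPLE_PEM, "uri": ""})

def _read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next position)."""
    if buf[pos] != tag:
        raise ValueError("unexpected DER tag 0x%02x" % buf[pos])
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        count = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + count], "big"), pos + count
    return buf[pos:pos + length], pos + length

def pkcs1_pem_to_ints(pem):
    """Parse a 'BEGIN RSA PRIVATE KEY' PEM into its eight integers."""
    body = "".join(ln for ln in pem.strip().splitlines() if not ln.startswith("-----"))
    seq, _ = _read_tlv(base64.b64decode(body), 0, 0x30)
    ints, pos = [], 0
    while pos < len(seq):
        val, pos = _read_tlv(seq, pos, 0x02)
        ints.append(int.from_bytes(val, "big"))  # drops DER's leading 0x00 sign byte
    if len(ints) != 9 or ints[0] != 0:
        raise ValueError("not a two-prime PKCS#1 RSA private key")
    return dict(zip(FIELDS, ints[1:]))

def b64u(i):
    """JWK integer encoding: minimal big-endian bytes, base64url, no padding."""
    raw = i.to_bytes((i.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def registration_to_jwk(registration_json):
    pem = json.loads(registration_json)["private_key_pem"]
    jwk = {k: b64u(v) for k, v in pkcs1_pem_to_ints(pem).items()}
    jwk["kty"] = "RSA"
    return jwk

if __name__ == "__main__":
    print(json.dumps(registration_to_jwk(SAMPLE_REGISTRATION)))
```

The conversion runs locally, so the account key never has to be pasted into an online tool.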
