The company I work for runs a server that hosts websites for different clients.
It was decided that the reminder E-Mails for expiring certificates should be sent to the client that owns the domain, not our sysadmin, so I created the certificates with this command:
certbot certonly --webroot -d example.com -m firstname.lastname@example.org [other args]
Note that the Mail Address given here would be different for other domains on the same server with the same certbot installation.
Recently it came to light, that some of the certificates had a wrong E-Mail address, which led to the wrong people receiving the expiry reminder from Let's Encrypt.
Is there a way to update the E-Mail Address for individual domains?
I am aware of
certbot update_account --email email@example.com but if I understand it correctly, this will update the E-Mail Addresses of all the certificates that this certbot manages.
Thank you for your help and this amazing service!
I believe that there can only be one email address for all domains under a specific ACME account. And I don't think Certbot makes it easy to manage multiple ACME accounts. So this may be trickier to set up than you're expecting, and may involve migrating to some other ACME client or configuring different certbot paths for different domains or something like that.
Also, in theory the email should go to the account "subscriber", who is the entity which has the private key. If you're running the automation for your clients, wouldn't it be you who would want to know if the automation wasn't working rather than your clients? What would your clients do with that information? There might be emails in the case of things other than expiration, too, like if there was some incident that required reissuing your certificates. You might need to explain a bit further what your relationship is with the clients and why you'd want to be the one running commands but would want notifications going to somebody else.
You should definitely read through the Integration Guide you you haven't already, especially the part about "Who is the Subscriber".
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.