View existing email certbot or letsencrypt.org

Below updates email in certbot

sudo certbot update_account --email updated_email@example.com

  1. How to view email in certbot?
  2. How to view & update email in letsencrypt.org with respect to certificate expiring emails.

yes, I know certbot & letsencrypt.org are different but that does not solve my problem.

At least help on viewing existing email of registered domains on my server.

1 Like

I don’t think that Certbot provides any way to show the contact email for your Let’s Encrypt ACME account.

It is possible in theory, but it would involve modifying Certbot or using/creating a different program.

The expiration emails are sent to the contact address of your Let’s Encrypt ACME account, which is the same as what you input to Certbot.

Had you run the command you suggested in (1), all future expiration emails would be sent to updated_email@example.com.

1 Like

One of the JSON files in /etc/letsencrypt/accounts/ contains what Certbot thinks your account’s email address is.

Certbot’s log files will also include it.

However, Certbot’s local information can become out-of-date if you do something complicated like copy your account files to a second server and then use “certbot update_account” on one of the servers to change the address.

As an addendum, the below Python script will fetch your current email address from the Let’s Encrypt ACME server, using the account key from Certbot:

#!/usr/bin/env python

from acme.client import ClientV2
from acme.client import ClientNetwork
from acme import messages
import josepy as jose
from glob import glob

with open(glob('/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/*/private_key.json')[0], 'rb') as f:
    key = jose.JWK.json_loads(f.read())

with open(glob('/etc/letsencrypt/accounts/acme-v02.api.letsencrypt.org/directory/*/regr.json')[0], 'r') as f:
    regr = messages.RegistrationResource.json_loads(f.read())

net = ClientNetwork(key)
directory = messages.Directory.from_json(net.get("https://acme-v02.api.letsencrypt.org/directory").json())
client = ClientV2(directory, net)

client.net.account = regr
resp = client._post(regr.uri, None)

print(resp.json()['contact'])

e.g.

$ python view-email.py
['mailto:me@my-domain.com']

Is it in regr.json on your system? The systems I run it on have only recorded the account URI.

In a similar vein, I couldn’t find any way to trick Certbot to query the registration so that it would get reflected in its logfile.

3 Likes

Yup! Maybe it’s changed. On one installation I have something like:

{"body": {"status": "valid", "contact": ["mailto:user@example.com"], "agreement": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf", "key": { … }, "uri": "https://acme-staging-v02.api.letsencrypt.org/acme/acct/12345678", "terms_of_service": "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"}

For me, the stuff from regr.json gets logged in the Account object repr() in the “DEBUG:certbot._internal.main:Picked account:” lines of the logs.

Looks Certbot stopped saving it since 0.26.0 - https://github.com/certbot/certbot/commit/83f7e72fefb8d9087a5ad488153a644e1b905572#diff-d14560cfae19e0b61ebac20ea3053edd

strip unnecessary items from regr before saving

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.