What happens if you don't back up account info?


#1

Let’s say I install some Linux distro, use Let’s Encrypt and successfully grab a cert, wipe the server without backing anything up, and then repeat the process a few times.

What happens to the previous certs? And why is it important to back up the letsencrypt folder?


#2

If you wipe the server, there is probably very little risk of someone getting your private key or certificate, so relatively safe (in that you can’t revoke the old certificates without your account key, but you probably don’t need to if everything was removed beyond use).

There is a limit to how many certificates you can have (5 / domain / 7 days - this includes subdomains).

If you are doing it every day, that would be a problem. If you are doing it once a week, from the technical viewpoint of your server / SSL it wouldn’t be an issue for one domain.

However, having said that, I like to think about LE, who are very kindly providing the free certs, and I don’t think it’s particularly nice to them, loading their servers, repeatedly asking for the same certs if it were on a frequent basis.


#3

They are still active, but you deleted all the content that would allow you to use them. It’s kinda like you have a locked box and destroyed the keys; the box exists but you can’t use/open it.

So you’re not in the situation I described. LE also enforces a rate limit, so if you do it enough in a short period of time, you’ll soon not be able to get new certificates for a bit. By repeatedly getting new certificates re-issued, you’re also wasting resources that could serve you for other names or others and making it that much more difficult for LE to continue to provide their services.

Additionally, you can only revoke certificates if you have your account information that’s saved in that folder. By removing it, you now have no way to explicitly revoke a certificate you had issued.
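
The rate limit mentioned in the replies above, worked through as an added example that is not part of the original thread: given a record of past issuances, it returns when the next certificate for a name would fit under the limit. The figures (5 certificates per domain per 7 days, subdomains included) are the ones quoted in the thread; the function names, the sample hostnames and the naive "last two labels" rule for finding the registered domain are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Figures as stated in the thread: 5 certificates / domain / 7 days,
# with subdomains counted against the same domain.
LIMIT = 5
WINDOW = timedelta(days=7)


def registered_domain(name):
    """Assumption: the registered domain is the last two labels.
    A real check would consult the Public Suffix List (e.g. for co.uk)."""
    labels = name.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def next_allowed(issuances, name, now):
    """Return `now` if another certificate for `name` fits under the limit,
    otherwise the earliest time at which the sliding window has room again.

    issuances: iterable of (hostname, datetime) for certificates already issued.
    """
    domain = registered_domain(name)
    recent = sorted(
        ts for host, ts in issuances
        if registered_domain(host) == domain and now - ts < WINDOW
    )
    if len(recent) < LIMIT:
        return now
    # A slot frees up when the oldest of the last LIMIT issuances ages out.
    return recent[-LIMIT] + WINDOW


# Constructed sample: a server wiped and re-issued once a day for five days.
T0 = datetime(2016, 1, 1, 12, 0)
DAILY_WIPES = [
    ("example.com", T0),
    ("www.example.com", T0 + timedelta(days=1)),
    ("example.com", T0 + timedelta(days=2)),
    ("example.com", T0 + timedelta(days=3)),
    ("example.com", T0 + timedelta(days=4)),
]

if __name__ == "__main__":
    # On day 5 the sixth request has to wait until the day-0 certificate ages out.
    print(next_allowed(DAILY_WIPES, "example.com", T0 + timedelta(days=5)))
```
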

