What is the email used for when I run certbot for the first time?

In the beginning, I thought it was not really useful, and I really wanted some kind of privacy and didn’t want people to know my email from the public cert. So I gave an invalid email. But after the first run, I figured out that the email becomes my account. That is something I didn’t expect, and there was no warning at all at the beginning of the script prompt. So I am wondering what exactly the email address will be used for here. Will the applied private key be sent to that email?

The reason I really care about this is that I am living in a country which has internet censorship. Registering a domain outside my country or visiting Google is illegal here, and I will go to jail if they find out.

Due to the invalid email address, I am thinking of doing either

certbot register --update-registration

or

certbot unregister

or

rm -rf /etc/letsencrypt

Thank you very much for your help.

No, absolutely not. Private keys aren’t even known to Let’s Encrypt. Private keys should only exist on your local server.

The e-mail is used to send warnings about certificates about to expire when Let’s Encrypt doesn’t see a renewal covering the same set of hostnames.

Also, sometimes Let’s Encrypt uses the e-mail to send out warnings when clients are still using deprecated setups. For example, they send out a warning to people still using the ACME version 1 server, which is deprecated in favor of the version 2 ACME endpoint.

Also, it is perfectly possible to register an ACME account without entering an e-mail address. The client certbot would warn you that you’d be missing out on those warnings as I’ve said above, but it is possible.

I’m not sure what you mean by that. As far as I know, Let’s Encrypt ACME accounts have an account identifier which consists of an (alpha?)numeric ID. NOT an e-mail address.

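What the certbot client keeps on disk about the account, as an added example that is not part of the original thread or certbot's own code: it lists each locally stored ACME account's numeric ID and any contact e-mail cached alongside it. The directory layout and the `regr.json` field names are assumptions about certbot's on-disk format, and `summarize_accounts` is a hypothetical helper name.

```python
import json
import re
from pathlib import Path

# Assumed layout (not stated in this thread): certbot keeps one directory per
# ACME account under <config>/accounts/<server>/directory/<local-id>/,
# containing regr.json (the registration resource) next to the account key.
ACCT_URI = re.compile(r"/acct/(\d+)$")


def summarize_accounts(config_dir="/etc/letsencrypt"):
    """Return one dict per ACME account stored under config_dir."""
    results = []
    pattern = "accounts/*/directory/*/regr.json"
    for regr_path in sorted(Path(config_dir).glob(pattern)):
        regr = json.loads(regr_path.read_text())
        uri = regr.get("uri", "")
        match = ACCT_URI.search(uri)
        # Assumption: some certbot versions cache the contact list in "body",
        # others leave "body" empty. An empty list here therefore does not
        # prove that no e-mail is registered with the CA.
        contacts = (regr.get("body") or {}).get("contact") or []
        results.append({
            "server": regr_path.parts[-4],
            # The account is identified by the numeric ID in its URI,
            # not by the e-mail address.
            "account_id": match.group(1) if match else None,
            "account_uri": uri,
            "cached_contacts": [c.split("mailto:", 1)[-1] for c in contacts],
        })
    return results


if __name__ == "__main__":
    # Reading /etc/letsencrypt normally requires root.
    for account in summarize_accounts():
        print(account)
```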

Dear Osiris, thank you very much for your detailed explanation. Got it. :)

See also the --register-unsafely-without-email option in the Certbot command-line options in the user guide.

Cool. Thanks a lot. :)