Why is another account added?

ccb · September 14, 2023, 6:25pm

We had another account added to our letsencrypt accounts file (May '23). The original account had been in there since 2017.

I'm wondering why this happened. I haven't found an answer to why another account was created when we did not add it. This inexplicable account adding seems to have happened to others.

Additionally, there are a couple of locked posts about the "Please Choose Account" solution for the certbot script. It seems the answer is to remove one of the accounts. I want to issue a word of caution about removing accounts. If you have renewal scripts scheduled, they will not work if you remove the account that created the certificate being replace. It's actually safer to delete the new account than the old one.

Example archived topic:

rg305 · September 14, 2023, 6:26pm

Hi @ccb, and welcome to the LE community forum

Is it a staging account?
Is it for another CA?

rg305 · September 14, 2023, 6:32pm

It might be helpful if you post the link(s) to such topics.

ccb · September 14, 2023, 7:16pm

It's not for staging. It's the same CA

Osiris · September 14, 2023, 7:17pm

Once, in the very beginning of Certbot (probably still called "letsencrypt" back then), I too happened to end up with two staging accounts somehow. I don't think that was intentional.

There may have been a bug in the very early versions of Certbot. More up to date versions probably wouldn't have this behaviour.

Also, my Certbot (2.7.0-dev0) doesn't care at all which account is mentioned in the renewal configuration file for some reason. It even complains when I try to renew it non-interactively, because I need to choose the account for some reason.. Which is weird, because it obviously is set in the renewal configuration file. But Certbot doesn't use that option? Bug?

ccb · September 14, 2023, 7:24pm

certbot 2.6.0

certbot renew works fine for both accounts because it's looking for the same one. but removing one used previously was an issue

Osiris · September 14, 2023, 7:25pm

But also all this time? Did your second account suddenly appear recently and also with Certbot 2.6.0?

If so, you might be able to retrieve/find the log responsible for that in /var/log/letsencrypt/.

Curious, that's not the behaviour I'm seeing myself.

ccb · September 14, 2023, 7:29pm

updated

ccb · September 14, 2023, 7:33pm

yes in May it was the same version.

I know no ones updated it, because are dev ops guy moved on and I handle any issues on the load balancers personally.

ccb · September 14, 2023, 7:39pm

Looks like it keeps about a 1000 log files, way to far back to fetch that now.

Are you running certbot renew?

Osiris · September 14, 2023, 7:52pm

When I tried, yes, I did a certbot renew --cert-name example.com. Not sure if the --cert-name would matter.

Hm, nope, even with just certbot renew Certbot renews just fine, even when I completely delete the account mentioned in the renewal configuration file. Heck, the account option from the renewal configuration file gets updated!

rg305 · September 15, 2023, 2:56am

If you run certbot twice a day... that's 500 days worth of logs.

rg305 · September 15, 2023, 3:27am

Those topics are from 2016 and 2018.
I'm unsure if they are directly related to the current [2023] issue you are raising.
I'd like to see more detail on the accounts created.

system · October 15, 2023, 3:27am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
'Please choose an account' Server	3	9600	August 3, 2016
What's all that account settings? How much does it matter? Help	4	549	September 29, 2021
Multiple accounts and confusion with that fact Help	2	1001	September 25, 2018
How can I create a second account? Can certbot-auto eveb handle multiple accounts? Help	4	8340	January 5, 2017
How to use existing account with Certbot? Help	2	904	September 9, 2020

Why is another account added?

Related topics