Using Let's Encrypt, how do I change the email that SSL certificate renewal emails go to?

April 2, 2018 158 views
Let's Encrypt Ubuntu 16.04

When setting up the SSL cert, I provided an email address for lost key recovery and notices, but now I'd like to change that email. What's the command for doing so? Can I update multiple SSL certs at once? Thanks!

1 Answer
mnordhoff April 2, 2018
Accepted Answer

When setting up the SSL cert, I provided an email address for lost key recovery and notices, but now I'd like to change that email.

It depends on which ACME client you're using.

With Certbot, it's "certbot register --update-registration -m user@example.com".

You have to do it with each of your accounts. For example, if you have multiple droplets, or multiple ACME clients installed, and each one asked you for your email address, each one is probably a separate account.

(Having numerous accounts is fine.)

Can I update multiple SSL certs at once?

I'm not sure what you mean. The email address is associated with each account, not each certificate.

  • With Certbot, it's "certbot register --update-registration -m user@example.com".

    Thanks, I am using certbot so this is perfect.

    I'm not sure what you mean. The email address is associated with each account, not each certificate.

    Understood. I misunderstood where the email address was associated and didn't realize it was account-level instead of cert-level.

    When I used the command to update the email address, I got an unexpected error. I am not sure if sensitive info is included in this error, but it begins as follows:

    UnexpectedUpdate: RegistrationResource(body=Registration(status=None, authorizations=None, agreement=u'https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf',
    

    More info is in the logfile but I'm not sure which parts are relevant yet. Seems related to service agreement/ terms and conditions?

    Thanks!

  • Thanks, I am using certbot so that's perfect.

    I had misunderstood where the email address was associated– thought it was at cert level instead of account level.

    When I try to update the email using that command, I get an error that seems related to the terms and conditions. My comment has been rejected as spam twice now when I try to include the partial & redacted error message, so I'm not sure if I can provide more info easily, but if this sounds familiar to you I'd be much obliged for any help.

    • I'm afraid not. You might try starting a thread on https://community.letsencrypt.org/ or seeing if you can post it on a pastebin and link that here.

      • Thank you, I should have done that right off the bat– here's the pastebin: https://pastebin.com/fteCHETx

        community.letsencrypt.org is my next stop! I did read a thread there that seemed to be this error however the posted solution (adding a domain with the domain flag) didn't work for me.

        • What version of Certbot are you running?

          I'm not certain, but that looks like an issue fixed around Certbot 0.13.0.

          https://github.com/certbot/certbot/issues/4330

          • I read that issue too and definitely agree, my error was the same. I am running the latest package that is available for Apache on Ubuntu, 0.12.0-1 (xenial). I don't know if there's a way for me to update because all I'm really familiar with is using apt-get. So for now I hope that my manual change to the json file at /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/<hash>/regr.json sticks!

          • Thanks, I didn't realize that I a later version was available via that site you linked. I was able to update it and the issue is resolved! For posterity I added the repository and upgraded certbot as follows:

            sudo add-apt-repository ppa:certbot/certbot
            sudo apt-get update
            sudo apt-get install certbot
            

            Then used the command you earlier specified certbot register --update-registration -m user@example.com. Thanks!

      • Update: after some searching I saw that there might be a workaround to manually change the email by going to /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/<hash>/regr.json and the registered email is right there at the top. Hopefully that works; the commenter who posted said it didn't seem to for him though...

Have another answer? Share your knowledge.