32

The email address used as the admin email when we started using Let's Encrypt needs to be modified (a former employee used his personal email address as the admin email and he is no longer with the firm). What steps need to be taken to get that modified (we can get the former employee to confirm this)? We need to remove his personal email address and replace it with a new email address. This will be used for key recovery actions. In either case, I would like the former employee's personal email address to be removed. What steps do I need to take to accomplish this (if my understanding of the process is incorrect, kindly point me in the right direction)? Thanks in advance.

ali haider
  • 1
    I ended up creating a new certificate (since I was in control of the server/domain and was able to replace the existing one). – ali haider Dec 28 '16 at 15:33

5 Answers

56

Use:

certbot-auto register --update-registration --email new_email@example.com

or

certbot register --update-registration --email new_email@address.org

or

certbot update_account --email yourname+1@example.com

certbot-auto or certbot will work if you have the executable under /usr/sbin. If you're unable to call certbot-auto globally, use the path to the certbot-auto file.

Source: https://letsencrypt.org/docs/expiration-emails/

Pablo A
Ralph
13

There is also a contact email address stored by the Python letsencrypt client under: /etc/letsencrypt/accounts/acme-v01.api.letsencrypt.org/directory/{someKindOfHash}/regr.json

I believe that if you create multiple certs from the same letsencrypt client instance, it reuses the email address stored in regr.json, at least for expiry alert emails.

Alex Nauda
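Building on the regr.json location given in the answer above, an added example (not part of any answer on this page and not certbot's own code) that lists the contact addresses recorded in a host's ACME account files and flags any outside an approved domain. The `body.contact` layout with `mailto:` entries, the function names and the sample addresses are assumptions; a file whose `body` is empty is reported as holding no local contact.

```python
import json
import tempfile
from pathlib import Path


def account_contacts(accounts_root):
    """Map each regr.json under accounts_root to its contact emails.
    Assumed layout: <root>/<server>/directory/<id>/regr.json, with emails in
    body.contact as "mailto:" URIs. [] means no contact is stored locally;
    None means the file could not be parsed and needs a manual look."""
    found = {}
    for regr in sorted(Path(accounts_root).glob("*/directory/*/regr.json")):
        try:
            body = json.loads(regr.read_text()).get("body") or {}
            found[str(regr)] = [c[7:] if c.lower().startswith("mailto:") else c
                                for c in body.get("contact") or []]
        except (OSError, ValueError, AttributeError, TypeError):
            found[str(regr)] = None  # unparseable: inspect by hand
    return found


def stale_accounts(accounts_root, allowed_domains):
    """Return {regr.json path: [emails whose domain is not allowed]}."""
    allowed = {d.lower() for d in allowed_domains}
    stale = {}
    for path, emails in account_contacts(accounts_root).items():
        bad = [e for e in emails or [] if e.rpartition("@")[2].lower() not in allowed]
        if bad:
            stale[path] = bad
    return stale


def build_sample_tree(root):
    """Constructed sample data: three accounts, one with a personal address."""
    samples = {
        "aaa111": {"body": {"contact": ["mailto:former.employee@personal.example"]}},
        "bbb222": {"body": {"contact": ["mailto:ops@corp.example"]}},
        "ccc333": {"body": {}},  # no contact stored in the file
    }
    for account_id, regr in samples.items():
        d = Path(root) / "acme-v01.api.letsencrypt.org" / "directory" / account_id
        d.mkdir(parents=True)
        (d / "regr.json").write_text(json.dumps(regr))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(stale_accounts(tmp, ["corp.example"]))
```

On a real host, pass the accounts directory (for example /etc/letsencrypt/accounts) and the organisation's own mail domains; reading it normally requires root.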
13

Update based on https://letsencrypt.org/docs/expiration-emails/

certbot update_account --email yourname+1@example.com

Before: This is just an update on n3rve's answer, since certbot-auto didn't work for me:

certbot register --update-registration --email new_email@address.org
lupo
7

According to https://letsencrypt.org/docs/expiration-emails/

certbot update_account --email yourname@example.com

I guess it keeps on changing

YesItsMe
  • Yes, indeed it does. Documentation is an ongoing process. – lupo Aug 02 '19 at 09:40
  • Was there not once syntax to add multiple emails? And the snap I am using has no man entry? – mckenzm Jan 09 '23 at 22:48
  • comma delimited, [link](https://eff-certbot.readthedocs.io/en/stable/using.html#certbot-command-line-options:~:text=%2Dm%20EMAIL%2C%20%2D%2Demail%20EMAIL%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20Email%20used%20for%20registration%20and%20recovery%20contact.%20Use%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20comma%20to%20register%20multiple%20emails%2C%20ex%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20u1%40example.com%2Cu2%40example.com.%20(default%3A%20Ask)). – YesItsMe Jan 11 '23 at 04:42
1

Because Let's Encrypt is a certificate authority, I'm guessing you want to update the data (an email) within your certificate.

If the certificate was signed, there is no way to update it. A new certificate will need to be produced.

Jack Frost
  • yes, that's what I am resorting to, thanks for sharing – ali haider Jan 25 '16 at 19:55
  • 20
    This is actually incorrect. LE doesn't add the email to the signed certificate. The registered email address is only used for expiration notifications. And it can be updated via the ACME protocol if you have the original account key. – Ryan Bolger Mar 14 '18 at 15:03