Score:0

Is letsencrypt registration email address stored in certificate

I'm using letsencrypt in two ways: a docker stack using certbot, and another using traefik (which performs certificate management automatically, using lego). In both cases there's a setting for the registration email address.

Is that email address stored in the certificate, or elsewhere? And can anyone (other than letsencrypt) discover that email address?

Score:0

The beginning of the certificate process starts with creating a CSR or Certificate Signing Request. This request allows the optional entry of an email address which would then be embedded into the certificate once it was provided.

The documentation and video at the link below show how they are created.

https://www.ssl.com/how-to/manually-generate-a-certificate-signing-request-csr-using-openssl/

Thanks for your help. But apparently the email address is not encoded into the certificate. See the other answer for details.
Score:0

From the letsencrypt forum:

  • The only ones who know that (very powerful) email address are you, and Let's Encrypt
  • It's used by Let's Encrypt to inform you of a pending expiration
  • It won't be encoded into the certificate
  • It won't be published anywhere, and so won't be contained in any "transparency logs" service

And:

The correlation of email to account/domains only exists in two places:

  • LetsEncrypt's database, which associates an Email Address to an Account ID. LetsEncrypt staff can pull this info themselves. You can pull this info yourself by presenting LetsEncrypt with the current AccountKey, which happens under secure https connections. No third party can access this information from LetsEncrypt. Intercepting this information during an API call would require a MITM or other attack.
  • If LetsEncrypt sends an expiry email, that email may be relayed to you by trusted third parties. It is possible, but incredibly unlikely, that (i) LetsEncrypt's email service providers or (ii) your email service provider, are mining this information from the emails they relay and store.
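
To confirm this against your own certificates, here is an added example that is not part of the thread: it splits a PEM file (single certificate or full chain) and uses `openssl x509 -email` to list any address in a subject `emailAddress` attribute or a subjectAltName `rfc822Name` entry. The `example.test` certificates are constructed test data generated locally, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Lists e-mail addresses embedded in the
# certificates of a PEM file (single certificate or full chain).

# cert_emails FILE: print each address found in a subject emailAddress
# attribute or a subjectAltName rfc822Name entry, one per line, de-duplicated.
cert_emails() (
    tmp=$(mktemp -d) || exit 1
    # Split the bundle into one file per certificate; openssl x509 reads
    # only the first certificate of its input.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
    for c in "$tmp"/cert*.pem; do
        [ -e "$c" ] || continue
        openssl x509 -in "$c" -noout -email
    done | sort -u
    rm -rf "$tmp"
)

# make_demo_cert OUT SUBJECT SAN: constructed, self-signed test certificate
# (throwaway key, example.test names are placeholders). Needs OpenSSL 1.1.1+.
make_demo_cert() (
    key=$(mktemp) || exit 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$key" \
        -out "$1" -subj "$2" -addext "subjectAltName=$3" 2>/dev/null
    rc=$?
    rm -f "$key"
    exit "$rc"
)

if [ "$#" -gt 0 ]; then
    cert_emails "$1"            # e.g. the fullchain.pem written by certbot
else
    d=$(mktemp -d)
    # Certificate that does embed an address (subject and SAN).
    make_demo_cert "$d/with.pem" \
        "/CN=with.example.test/emailAddress=admin@example.test" \
        "DNS:with.example.test,email:admin@example.test"
    # Certificate carrying DNS names only.
    make_demo_cert "$d/without.pem" "/CN=without.example.test" \
        "DNS:without.example.test"
    echo "with.pem:    $(cert_emails "$d/with.pem")"
    echo "without.pem: $(cert_emails "$d/without.pem")"
    rm -rf "$d"
fi
```

Empty output for a file means no certificate in it carries an e-mail address in either field.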