Let's Encrypt Email Address settings
It should be possible to define a default email address which (optionally) overrides the email address normally used be Let's Encrypt Extension for Plesk.
I suggest to add config options 'defaultemail' (string) and 'overrideemail' (bool) to the LE extension. 'defaultemail' defines which email address is pre-filled in the "Email" field when first installing a certificate, and is used instead of any previously configured address if 'overrideemail' is set to true.
'override_email' could also be implemented per-domain, so that it can be set for some domains only, perhaps even in Service Plans?
Additionally, a mass action to update multiple domains' LE Email Address in the extensions UI would be nice, too.
Old Forum Question related to this topic: https://talk.plesk.com/threads/how-to-change-letsencrypt-email-address-for-all-accounts.344386/
Let's Encrypt's info about Emails: https://letsencrypt.org/docs/expiration-emails/
(certbot flag "--email")
Managing LE Extension: https://docs.plesk.com/en-US/onyx/administrator-guide/plesk-administration/managing-lets-encrypt-settings.78586/
(existing configuration options)
Damon Dransfeld
shared this idea
This is a valid request, so we’ll look into it. There is no ETA at the moment, but we would really appreciate you voting for this request so that we can accurately assess its popularity relative to other features. Thanks in advance!
— rk
-
Bitpalast GmbH
commented
It may not appear so at first sight, but the relevance of this request is actually high. The reason for it is GDPR. When the "Keep websites secured" setting is "on" in a service plan, Plesk will auto-create SSL certificates for the domains in a subscription. It will use the subscription's master email address for it. This however will be a violation of GDPR in many cases, because the email address will become known to Let's Encrypt systems, which reside outside GDPR countries. The email address is considered "private data" in terms of privacy rights, so transmitting it to Let's Encrypt servers requires the explicit consent of the subscription owner.
While a subscription owner can enter an individual mail address when creating a Let's Encrypt SSL certificate manually, the subscriber cannot do the same for auto-created certificates. In the current solution, the subscriber is forced to manually create all certiifcates to ensure correct GDPR handling. So are webhosting providers who setup a new subscription for their customer(s). If they do not manually create the SSL certificate with a domain based email address, so that no private information of the subscriber is revealed to Let's Encrypt, they violate GDPR, because it is their servers that transmit the subscribers private email address.
-
John
commented
Our problem is that the extension defaults to the admin e-mailaddress, this is the default value when manually installing a certificate but also for the automatic installation.
Even a simple new variable the panel.ini to change this default e-mailaddress would help us greatly.