| 13 May 2026 |
 hexa | osnyx (he/him) I don't see a way to make the lego 5.0 migration not renew all certs fwiw | 15:29:36 |
| hexa | https://go-acme.github.io/lego/migration/cli/index.html | 15:29:37 |
| hexa | Redacted or Malformed Event | 15:29:47 |
| hexa | we'll drop renew flags, because renew is gone | 15:35:12 |
| hexa | and both global and renew flags now live in run | 15:35:25 |
| hexa | can't invalidate the hashdata harder | 15:35:43 |
| hexa | + lego run --accept-tos --path . --no-random-sleep --http --http.address :80 --server https://acme.test/dir --key-type ec256 --domains builtin.example.test --domains 192.168.1.2
2026-05-13T15:45:13.971858291Z INFO Private key saved. filepath=accounts/acme.test/noemail@example.com/noemail@example.com.key
2026-05-13T15:45:13.979702584Z ERROR Error error="renew: registration: the account noemail@example.com is not registered"
| 15:51:05 |
| hexa | so on email change we not get "not registered" | 15:51:21 |
| hexa | Redacted or Malformed Event | 15:52:44 |
 emily | we can just drop email for LE, right? | 16:05:48 |
| emily | they no longer use or store it | 16:05:51 |
| emily | but otoh I guess if we key the hash on it then CAA… | 16:06:13 |
| hexa | the test passes an email on the first run | 16:06:52 |
| hexa | drops it on the second | 16:06:54 |
| hexa | and gets that error | 16:06:58 |
| hexa | so renewing with a different email (no email) fails | 16:07:15 |
| hexa | I found --force-cert-domains, which is nice | 16:07:33 |
| hexa | filed an issue https://github.com/go-acme/lego/issues/3084 | 16:25:00 |
| hexa | maybe we need to --force-renew in these cases | 16:26:01 |
| hexa | Redacted or Malformed Event | 16:26:05 |
| hexa | Redacted or Malformed Event | 16:26:26 |
| hexa | --renew-force Force the renewal of the certificate even if it is not due for renewal yet. [$LEGO_RENEW_FORCE]
| 16:26:38 |
| hexa | except that might only be relevant for the renewal threshold skipping | 16:26:46 |
| hexa | if someone has the urge to play with this, here's my progress so far
https://github.com/mweinelt/nixpkgs/pull/new/lego-5.0.3 | 16:30:05 |
| hexa | will grab some food now | 16:30:23 |
| hexa | this drops the domainhash comparison, because I'm not sure whether it makes a meaningful difference anymore | 16:32:16 |
| hexa | we need to understand how the new interface treats flag changes before renewal time first | 16:33:27 |
| hexa | great response from upstream | 19:12:10 |
| hexa | https://go-acme.github.io/lego/advanced/accounts/index.html#register | 19:12:20 |
| hexa | we can even self-manage registrations | 19:12:25 |
