Certbot is an extensible client for Certificate Authorities that speak the ACME protocol. Currently, the default CA is Let’s Encrypt. Certbot can automate the tasks of obtaining certificates and configuring webservers to use them. While Certbot runs on your computer, it necessarily needs to collect and transfer some information to the CA in order to do its job.
Certbot locally stores a variety of information provided by you, including internal housekeeping information created by the ACME protocol, the certificate information (domain name, public key, time, and specifically selected options), the IP address of the server, a user agent string, which is the operating system the server is running, plus which plugins you’re using with Certbot. If you use the “manual” authenticator plugin on your own laptop, the IP address logged by the CA would be the one your ISP gave you, rather than that of the public server.
In addition to the minimal information necessary to create certificates, Certbot may also transmit additional information to facilitate reliable operation and debugging of ACME client and server software. By default this includes a detailed User Agent string, which may contain a variety of values, such as the operating system and version of the machine on which Certbot is run and the software version, the plugins that the user selected, the command with which you called Certbot, and certain flags on the command line or fields in config files. You can alter or remove this with the --user-agent flag.
We may also ask you questions in the interface, and Certbot may also transmit the answers to the CA. Certbot also may transmit contact information such as an email address, if you choose to supply one, so that the CA can notify you about matters such as expiring, unrenewed certificates; security vulnerabilities; or important changes to its policies.
Certbot never transmits the private key associated with your certificate to the CA, EFF, or anyone else.
Certbot may also ask you to provide information to EFF, such as your contact information, bug reports or information to help with technology research, which generally will not include personally identifiable information.
Certbot provides this information to the CA you select.
Let’s Encrypt also operates Community Forums, using Discourse, where you may want to look to find answers to your questions about Certbot. These are subject to the Let’s Encrypt and Discourse privacy policies.
Let’s Encrypt may change these policies or providers from time to time. If you have questions about Let’s Encrypt’s privacy practices, please contact them directly at firstname.lastname@example.org.
Changes to This Policy
Updated on April 2nd, 2020 to change Freenode IRC channel.
Updated on October 25th, 2018 to reflect changes to IRC services used.
Updated on June 23rd, 2017 to add additional IRC services.
Updated on June 7th, 2017 to clarify which values are collected in the User Agent string.