Certbot Privacy Policy
The certbot.eff.org site is covered under the EFF privacy policy.
Certbot is an extensible client for Certificate Authorities that speak the ACME protocol. Currently, the default CA is Let’s Encrypt. Certbot can automate the tasks of obtaining certificates and configuring webservers to use them. While Certbot runs on your computer, it necessarily needs to collect and transfer some information to the CA in order to do its job.
Certbot is published by the Electronic Frontier Foundation, the leading nonprofit organization defending civil liberties in the digital world. EFF is committed to protecting privacy online, and has established this Privacy Policy to explain what information Certbot collects and how it is used.
Information Collection
Certbot locally stores a variety of information provided by you, including internal housekeeping information created by the ACME protocol, the certificate information (domain name, public key, time, and specifically selected options), the IP address of the server, a user agent string, which is the operating system the server is running, plus which plugins you’re using with Certbot. If you use the “manual” authenticator plugin on your own laptop, the IP address logged by the CA would be the one your ISP gave you, rather than that of the public server.
In addition to the minimal information necessary to create certificates. Certbot may also transmit additional information to facilitate reliable operation and debugging of ACME client and server software. By default this includes a User Agent string containing the operating system and version of the machine on which Certbot is run, plus the plugins that the user selected (you can alter or remove this with the –user-agent flag). It also includes contact information such as an email address, if you choose to supply one, so that the CA can notify you about matters such as expiring, unrenewed certificates; security vulnerabilities; or important changes to its policies.
Certbot never transmits the private key associated with your certificate to the CA, EFF, or anyone else.
Certbot may also ask you to provide information to EFF, such as your contact information, bug reports or information to help with technology research, which generally will not include personally identifiable information.
Information Disclosure
Certbot provides this information to the CA you select.
Currently, Certbot works with Let’s Encrypt by default, which, as of April 2016, has three documents that discuss its privacy practices for this information; the Let’s Encrypt Privacy Policy section on Subscribers, it’s Certification Practice Statement (which, as of April 2016, just references back to the Privacy Policy), and the Let’s Encrypt Subscriber Agreement (Section 4.1).
Let’s Encrypt also operates Community Forums, using Discourse, where you may want to look to find answers to your questions about Certbot. These are subject to the Let’s Encrypt and Discourse privacy policies.
Let’s Encrypt may change these policies or providers from time to time. If you have questions about Let’s Encrypt’s privacy practices, please contact them directly at security@letsencrypt.org.
The Certbot community can be contacted through the Open and Free Technology Community’s IRC service, irc.OFTC.net, on the #certbot and #certbot-dev channels. The IRC is operated by OFTC, which does not publish a privacy policy.
In addition, you may elect to provide information to EFF through Certbot, such as your contact information or bug reports. That information will be protected by the EFF Technology Project Privacy Policy.
Changes to This Policy
EFF’s Certbot Privacy Policy may change from time to time. However, any revised privacy policy will be consistent with EFF’s mission.