Those who choose to use DNS-PERSIST-01 should fully commit to automation and create one LetsEncrypt account per FQDN (or at least per loadbalancer), using a UUID as username.

▲

mcpherrinm 4 hours ago | parent [-]

There is no username in ACME besides the account URI, so the UUID you’re suggesting isn’t needed. The account uri themselves just have a number (db primary key).

If you’re worried about correlating between domains, then yes just make multiple accounts.

There is an email field in ACME account registration but we don’t persist that since we dropped sending expiry emails.

	▲	9dev an hour ago \| parent \| next [-]
		It’s still a valid point IMHO - why not just use the public key directly? It seems like the account URI just adds problems instead of resolving any.
	▲	glzone1 an hour ago \| parent \| prev [-]
		Interesting. I didn't realize the email field wasn't persisted. I assumed it could be used in some type of account recovery scenario.