add --no-email for disabling email in ACME query

cmd/accounts_storage.go

@@ -58,6 +58,7 @@ const (
 //	     │      └── root accounts directory
 //	     └── "path" option
 type AccountsStorage struct {
+	noEmail         bool
 	userID          string
 	rootPath        string
 	rootUserPath    string
@@ -68,8 +69,14 @@ type AccountsStorage struct {
 
 // NewAccountsStorage Creates a new AccountsStorage.
 func NewAccountsStorage(ctx *cli.Context) *AccountsStorage {
-	// TODO: move to account struct? Currently MUST pass email.
-	email := getEmail(ctx)
+	var userID string
+	noEmail := ctx.IsSet("no-email")
+	if noEmail {
+		userID = "default"
+	} else {
+		// TODO: move to account struct?
+		userID = getEmail(ctx)
+	}
 
 	serverURL, err := url.Parse(ctx.String("server"))
 	if err != nil {
@@ -79,10 +86,11 @@ func NewAccountsStorage(ctx *cli.Context) *AccountsStorage {
 	rootPath := filepath.Join(ctx.String("path"), baseAccountsRootFolderName)
 	serverPath := strings.NewReplacer(":", "_", "/", string(os.PathSeparator)).Replace(serverURL.Host)
 	accountsPath := filepath.Join(rootPath, serverPath)
-	rootUserPath := filepath.Join(accountsPath, email)
+	rootUserPath := filepath.Join(accountsPath, userID)
 
 	return &AccountsStorage{
-		userID:          email,
+		noEmail:         noEmail,
+		userID:          userID,
 		rootPath:        rootPath,
 		rootUserPath:    rootUserPath,
 		keysPath:        filepath.Join(rootUserPath, baseKeysFolderName),
@@ -110,6 +118,9 @@ func (s *AccountsStorage) GetRootUserPath() string {
 }
 
 func (s *AccountsStorage) GetUserID() string {
+	if s.noEmail {
+		return ""
+	}
 	return s.userID
 }
 

cmd/flags.go

@@ -31,6 +31,12 @@ func CreateFlags(defaultPath string) []cli.Flag {
 			Aliases: []string{"m"},
 			Usage:   "Email used for registration and recovery contact.",
 		},
+		&cli.BoolFlag{
+			Name:    "no-email",
+			Aliases: []string{"M"},
+			EnvVars: []string{"LEGO_NO_EMAIL"},
+			Usage:   "Create an ACME request without including an email address.",
+		},
 		&cli.StringFlag{
 			Name:    "csr",
 			Aliases: []string{"c"},

cmd/setup.go

@@ -84,7 +84,7 @@ func getKeyType(ctx *cli.Context) certcrypto.KeyType {
 func getEmail(ctx *cli.Context) string {
 	email := ctx.String("email")
 	if email == "" {
-		log.Fatal("You have to pass an account (email address) to the program using --email or -m")
+		log.Fatal("You have to pass an account (email address) to the program using --email or -m, or use --no-email or -M to disable including an email in the ACME request.")
 	}
 	return email
 }

docs/data/zz_cli_help.toml

@@ -23,6 +23,7 @@ GLOBAL OPTIONS:
    --server value, -s value                                     CA hostname (and optionally :port). The server certificate must be trusted in order to avoid further modifications to the client. (default: "https://acme-v02.api.letsencrypt.org/directory")
    --accept-tos, -a                                             By setting this flag to true you indicate that you accept the current Let's Encrypt terms of service. (default: false)
    --email value, -m value                                      Email used for registration and recovery contact.
+   --no-email, -M                                               Create an ACME request without including an email address. (default: false) [$LEGO_NO_EMAIL]
    --csr value, -c value                                        Certificate signing request filename, if an external CSR is to be used.
    --eab                                                        Use External Account Binding for account registration. Requires --kid and --hmac. (default: false) [$LEGO_EAB]
    --kid value                                                  Key identifier from External CA. Used for External Account Binding. [$LEGO_EAB_KID]