diff --git a/CHANGES b/CHANGES
index 282552125..3d9aadccc 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1842,4 +1842,5 @@
 * make branding routes owner only
 * add branding API
 * Add app start/stop/restart events
+* Use the primary email for LE account
 
diff --git a/src/reverseproxy.js b/src/reverseproxy.js
index 35d61dfd1..05532f290 100644
--- a/src/reverseproxy.js
+++ b/src/reverseproxy.js
@@ -79,7 +79,7 @@ function getCertApi(domainObject, callback) {
     // we simply update the account with the latest email we have each time when getting letsencrypt certs
     // https://github.com/ietf-wg-acme/acme/issues/30
     users.getOwner(function (error, owner) {
-        options.email = error ? 'support@cloudron.io' : (owner.fallbackEmail || owner.email); // can error if not activated yet
+        options.email = error ? 'support@cloudron.io' : owner.email; // can error if not activated yet
 
         callback(null, api, options);
     });
diff --git a/src/users.js b/src/users.js
index 9224ce6cc..aaaf185b1 100644
--- a/src/users.js
+++ b/src/users.js
@@ -179,7 +179,7 @@ function create(username, password, email, displayName, options, auditSource, ca
                 id: 'uid-' + uuid.v4(),
                 username: username,
                 email: email,
-                fallbackEmail: email,   // for new users the fallbackEmail is also the default email
+                fallbackEmail: email,
                 password: Buffer.from(derivedKey, 'binary').toString('hex'),
                 salt: salt.toString('hex'),
                 createdAt: now,