Project

General

Profile

Actions
Copy link

Feature #16623

closed

Account Key fields for External Account Binding

Added by Jim Pingle about 2 months ago. Updated 26 days ago.

Status:
Closed
Priority:
Normal
Assignee:
Jim Pingle
Category:
ACME
Target version:
-
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:

Description

Some CAs now use External Account Binding instead of typical Account Key registration, including:

  • ZeroSSL
  • SSL.com
  • Google
  • Actalis
  • StepCA (optional, depends on the server config)

This requires two fields:

"EAB Key ID" and "EAB HMAC Key"

These fields are used when registering the account initially via acme.sh, e.g.

acme.sh --register-account \
        --server <name> \
        --eab-kid <id> \
        --eab-hmac-key <hmac>

They should only be passed if the user filled them in. Let's Encrypt does not require them, other CAs do.

Actions
Copy link

Also available in: Atom PDF