Feature #16623
Updated by Jim Pingle about 1 month ago
Some CAs now use External Account Binding instead of typical Account Key registration, including:
* ZeroSSL
* SSL.com
* Google
* Actalis
* StepCA (optional, depends on the server config)
This requires two fields:
"EAB Key ID" and "EAB HMAC Key"
These fields are used when registering the account initially via acme.sh, e.g.
<pre>
acme.sh --register-account \
--server <name> \
--eab-kid <id> \
--eab-hmac-key <hmac>
</pre>
They are not necessary for Let's Encrypt so should be hidden by default unless using one of the other CAs or a custom CA. If using a custom CA, they should only be passed if the user filled them in. Let's Encrypt does not require them, other CAs do.