External Account Binding support. #478

New Issue

adam · 2025-12-29T01:25:57+01:00

adam commented

2025-12-29 01:25:57 +01:00

Originally created by @tzim-fr on GitHub (Jun 19, 2020).

Certigo service support ACME, but it requires support for "external account binding" (see section 7.3.4 in acme specs) at registration.

If I understand the specs correctly, only the newAccount request needs to be modified.
Is there plans to implement this feature ?

Originally created by @tzim-fr on GitHub (Jun 19, 2020). Certigo service support ACME, but it requires support for "external account binding" (see section 7.3.4 in acme specs) at registration. If I understand the specs correctly, only the newAccount request needs to be modified. Is there plans to implement this feature ?

adam closed this issue

2025-12-29 01:25:57 +01:00

adam commented

2025-12-29 01:25:58 +01:00

@lukas2511 commented on GitHub (Jul 5, 2020):

Looks easy to implement, but I have nowhere to actually test this...

Note to self: https://tools.ietf.org/html/rfc8555#section-7.3.4

@lukas2511 commented on GitHub (Jul 5, 2020): Looks easy to implement, but I have nowhere to actually test this... Note to self: https://tools.ietf.org/html/rfc8555#section-7.3.4

adam commented

2025-12-29 01:25:59 +01:00

@cpu commented on GitHub (Jul 6, 2020):

I have nowhere to actually test this...

Pebble supports external account binding.

@cpu commented on GitHub (Jul 6, 2020): > I have nowhere to actually test this... Pebble [supports external account binding](https://github.com/letsencrypt/pebble/pull/288).

adam commented

2025-12-29 01:25:59 +01:00

@lukas2511 commented on GitHub (Jul 6, 2020):

I have nowhere to actually test this...

Pebble supports external account binding.

Ah, @cpu to the rescue ;)

Was going to set up Pebble anyway for automatic testing, will work on this feature when my test environment is back up! 👍

@lukas2511 commented on GitHub (Jul 6, 2020): > > I have nowhere to actually test this... > > Pebble [supports external account binding](https://github.com/letsencrypt/pebble/pull/288). Ah, @cpu to the rescue ;) Was going to set up Pebble anyway for automatic testing, will work on this feature when my test environment is back up! :+1:

adam commented

2025-12-29 01:25:59 +01:00

@sigio commented on GitHub (Nov 23, 2020):

Zerossl is now live, which is sectigo's ssl service
CA ACME endpoint is at https://acme.zerossl.com/v2/DV90

Trying to use it returns:

{"type":"urn:ietf:params:acme:error:externalAccountRequired","status":400,"detail":"The request must include a value for the "externalAccountBinding" field"}

@sigio commented on GitHub (Nov 23, 2020): Zerossl is now live, which is sectigo's ssl service CA ACME endpoint is at https://acme.zerossl.com/v2/DV90 Trying to use it returns: {"type":"urn:ietf:params:acme:error:externalAccountRequired","status":400,"detail":"The request must include a value for the \"externalAccountBinding\" field"}

adam commented

2025-12-29 01:26:00 +01:00

@saz commented on GitHub (Nov 23, 2020):

You should set EAB_KID/EAB_HMAC_KEY in your config

@saz commented on GitHub (Nov 23, 2020): You should set EAB_KID/EAB_HMAC_KEY in your config

adam commented

2025-12-29 01:26:00 +01:00

@sigio commented on GitHub (Nov 24, 2020):

Thanks... that worked (as soon as I upgraded to latest version :P )

@sigio commented on GitHub (Nov 24, 2020): Thanks... that worked (as soon as I upgraded to latest version :P )

adam commented

2025-12-29 01:26:00 +01:00

@lukas2511 commented on GitHub (Dec 10, 2020):

This is now implemented.

@lukas2511 commented on GitHub (Dec 10, 2020): This is now implemented.

Sign in to join this conversation.

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/dehydrated#478