Account Key Settings¶

An ACME account key has settings which identify the owner of a certificate and the ACME server which will issue the certificate.

Identification¶

Name: A short name for the Account Key used as an internal identifier unique to this entry.
Description: A longer string describing the Account Key and its purpose.
E-Mail Address: An e-mail address associated with this Account Key. The ACME server might use this address to send important communications about the Account Key or certificates issued using this Account Key.

Note

The Let’s Encrypt service no longer sends expiration notices for certificates via e-mail. They still send announcements to this address, such as when they add or deprecate certificate features.

ACME Server¶

ACME Server

The ACME server to which this key will be registered by the package.

Available servers include:

Let’s Encrypt Staging: Use this server when testing the certificate validation process. Has more lenient rate limits which allow for easier testing. Does not produce publicly trusted certificates.
Let’s Encrypt Production: Use this server for trusted production certificates.
ZeroSSL Production: Certificates issued by the ZeroSSL service.
SSL.com RSA/ECC Production: Certificates issued by SSL.com either with RSA or ECC keys.
Google Staging/Production: Certificates issued by Google, either for staging/testing or production.
Actalis: Certificates issued by Actalis. Free certificates using this server can only have the domain itself and the www. hostname. Does not allow wildcards.

The selection list also includes Custom ACME Servers.

EAB Key ID

External Account Binding (EAB) Key ID. The ACME package uses this value along with the EAB HMAC Key to register this Account Key with a specific account on the ACME server.

Check with the ACME Server/CA to determine if they require EAB, and for information on how to generate the value. Leave blank if the ACME Server does not require EAB.

EAB HMAC Key

External Account Binding HMAC Key. The ACME package uses this value along with the EAB Key ID to register this Account Key with a specific account on the ACME server.

Check with the ACME Server/CA to determine if they require EAB, and for information on how to generate the value. Leave blank if the ACME Server does not require EAB.

Account Key¶

Account Key

The private key which uniquely identifies and authorizes the account.

To create a new key, click fa-plus Generate New Account Key.

Registration¶

Click fa-key Register ACME Account Key to register the account key with the selected ACME server. This registration may happen automatically while issuing or renewing a certificate, but doing so manually allows the user to ensure the registration process is working before attempting validation.

Warning

The Let’s Encrypt service does not require any special registration steps, the above procedure will work as written with that service.

Some ACME servers have manual key validation, External Account Binding, and/or registration procedures which must be performed before attempting to issue a certificate. Check with the ACME server provider before registering a key.