External Account Binding support.

[tzim-fr]

Certigo service support ACME, but it requires support for "external account binding" (see section 7.3.4 in acme specs) at registration.

If I understand the specs correctly, only the newAccount request needs to be modified. Is there plans to implement this feature ?

[lukas2511]

Looks easy to implement, but I have nowhere to actually test this...

Note to self: https://tools.ietf.org/html/rfc8555#section-7.3.4

[cpu]

I have nowhere to actually test this...

Pebble supports external account binding.

[lukas2511]

I have nowhere to actually test this...

Pebble supports external account binding.

Ah, @cpu to the rescue ;)

Was going to set up Pebble anyway for automatic testing, will work on this feature when my test environment is back up! :+1:

[sigio]

Zerossl is now live, which is sectigo's ssl service CA ACME endpoint is at https://acme.zerossl.com/v2/DV90

Trying to use it returns:

{"type":"urn:ietf:params:acme:error:externalAccountRequired","status":400,"detail":"The request must include a value for the \"externalAccountBinding\" field"}

[saz]

You should set EAB_KID/EAB_HMAC_KEY in your config

[sigio]

Thanks... that worked (as soon as I upgraded to latest version :P )

[lukas2511]

This is now implemented.