Hi,
Working with the acme4j for a while with Let’s Encrypt and everything working well.
Now, we are considering to use some other CA as a backup, and this CA requires External Account Binding in order to use the acme API.
Tried to do it using the acme4j client and encountered the following exception:
“[External Account Binding] The account is not awaiting external account binding”
Any advise?
Thanks!
@shred ?
Actually, this is not an acme4j error message…
Are you using acme4j directly, or via a client tool?
When you open the directory URL of the CA in a browser, you should find a key externalAccountRequired in the meta section, which should have the value true. Otherwise the CA is not requesting External Account Binding.
I’m using acme4j directly:
accountBuilder = new AccountBuilder()
.agreeToTermsOfService()
.withKeyIdentifier(acmeConfig.getKeyId(), acmeConfig.getEncodedHmac())
.useKeyPair(accountKey)
Yes, this is an error returning from the acme server.
When I open the CA’s URL from the browser I can see ““externalAccountRequired”: true”.
I’m trying to get help from the CA’s support, will update if I found the solution.
The code looks good to me. Another reason could be that you are using a Session instance that is connecting to a different server (e.g. the Let’s Encrypt server). You can use Session.getServerUri() and check if the server URI is correct.
Due to tight unit tests, I am confident that the Custom Key Identifier is correctly implemented in acme4j, but it hasn’t been field tested yet (at least not that I am aware of). If there is a bug in acme4j, or if the CA needs a special handling, I’ll gladly help.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.