Gethttpsforfree step 3

In the step 3 instructions of gethttpsforfree it says:
"Be sure to change the account private key location so it points to your real private key."

I have a private key but where is it?
(I am using cPanel and my host is GoDaddy).

Can anyone help me?

My domain is:

I ran this command:

PRIV_KEY=./account.key; echo -n "ey.............X0" | openssl dgst -sha256 -hex -sign $PRIV_KEY

It produced this output:

(stdin)= 5c............b7

Which I plugged into the field on Step 3 of gethttpsforfree and got this error message:

Error: Account registration failed. Please start back at Step 1. { "type": "urn:ietf:params:acme:error:badNonce", "detail": "JWS has an invalid anti-replay nonce: "0104OnHroMvhSRrLpp7BGT1PZySYV0u4Fv5dtOg-pluK9VI"", "status": 400 }

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don't know):
I don't know
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

1 Like

Hey Joseph! :slightly_smiling_face:

You need two private keys to use The first is your ACME account key. The second is for the certificate. They cannot be the same key! You created the first one (for your certificate) in cPanel. The second one can be created using the commands I've given to you below.

I'm going to give you the commands to do this. :wink:

I'm hoping to have my modified client running soon.


Run these in your home folder (or anywhere not in your www)!

openssl genrsa -out account.key 2048

openssl rsa -in account.key -pubout -out public.key

You now have account.key and public.key. Don't lose them! You will reuse these over and over as they are for your ACME account.

I'm proud of you Joseph. You took the road less traveled that leads to ultimate security. :grin:

1 Like

This means you took too long. This is very much a one-and-done process, but it works. I can assure you.

1 Like

./account.key will look for account.key in the current folder where you're running your commands. If you used the commands I gave you above then the command you copied from the website should work directly.
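
The two-key setup and the Step 3 signing pipeline from this thread, as an added example that is not part of any poster's reply or of gethttpsforfree itself. It shows that a signature made with account.key verifies only against its own public.key and not against a separate certificate key. The function names, temp directory, cert.key/cert.pub file names and the message are constructed for illustration, and openssl is assumed to be installed.

```shell
#!/bin/sh
# Added example. File names, the temp directory and the message are constructed.

# make_key KEY PUB: RSA key pair, same openssl commands as in the thread.
make_key() {
  openssl genrsa -out "$1" 2048 2>/dev/null &&
  openssl rsa -in "$1" -pubout -out "$2" 2>/dev/null &&
  chmod 600 "$1"            # the private key stays readable by the owner only
}

# sign_hex KEY DATA: the Step 3 pipeline; prints only the hex signature.
sign_hex() {
  printf '%s' "$2" | openssl dgst -sha256 -hex -sign "$1" | sed 's/^.*= *//'
}

# hex_to_bin HEX: decode hex to raw bytes with POSIX printf (no xxd needed).
hex_to_bin() {
  h=$1
  while [ -n "$h" ]; do
    byte=${h%"${h#??}"}; h=${h#??}          # take the first two hex digits
    printf '%b' "\\0$(printf '%03o' "0x$byte")"
  done
}

# verify_hex PUB DATA HEXSIG: succeeds only if HEXSIG was made by PUB's private half.
verify_hex() {
  sigfile=$(mktemp) || return 2
  hex_to_bin "$3" > "$sigfile"
  if printf '%s' "$2" | openssl dgst -sha256 -verify "$1" -signature "$sigfile" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$sigfile"
  return "$rc"
}

demo() {
  dir=$(mktemp -d) || return 2
  make_key "$dir/account.key" "$dir/public.key"   # ACME account key pair
  make_key "$dir/cert.key" "$dir/cert.pub"        # stand-in for the certificate key
  msg='constructed-protected.constructed-payload' # not a real ACME request
  sig=$(sign_hex "$dir/account.key" "$msg")
  verify_hex "$dir/public.key" "$msg" "$sig" && echo "account key: signature verifies"
  verify_hex "$dir/cert.pub" "$msg" "$sig" || echo "certificate key: signature rejected"
  rm -rf "$dir"
}
demo
```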

Hi Griffin, Thanks!!!
So as per gethttpsforfree:
Step 1: Account Info - completed
Step 2: Certificate Signing Request - completed
Step 3: Sign API requests - This is where I need help. It says:
"1. Copy and paste the command below into your terminal (if your account private key isn't at "./account.key", change "./account.key" in the command to wherever it exists)."
So do I copy (from the box) PRIV_KEY=./account.key; echo -n "ey...etc into the Cygwin64 terminal?



You did use public.key in step 1, right? (not your cert public key)

The nice thing with this process is that your ACME account keys don't even need to be on your GoDaddy hosting (e.g. you can run openssl from your home computer and keep your ACME account keys there). You just want to make sure they're not exposed to the web.

1 Like


Joseph was previously using my client, which you already know the story about. Take good care of him when I'm away. I have to run for dinner in a minute.

1 Like

Making progress, thanks Griffin! My main problem was I was taking too long, and then not starting over at step 1.


It happens, my friend. :slightly_smiling_face:

This process will test your patience and dexterity, but you will feel like you accomplished something in the end. The TXT record process is the same as with my client. Just one record at a time. I'm running for a bit. I'll check back later. If Rudy (@rg305) is around, he can answer whatever questions you may have in the meantime.

1 Like

Great, I made it through step 3.
I got onto step 4 and I took too long and the error message said go back to Step 1.
I will start over tomorrow, but I'm not foreseeing any problems.
Thanks for taking time for me!!