No registration exists matching provided key

I wanted to have ssl for my own server (Openbsd httpd, acme-client), but I’m getting the following error:
“no registration exists matching provided key”.
Could any one please let me know what the error means?
I checked docs for a while and tried several times but I can’t find much and still get the same error.
I would really appreciate any help.

This means that for the key you use with acme-tool, there is no corresponding account which has been setup via the ACME API before. Just try to create another account and use this instead.

Thank you for your prompt and to the point reply, indeed!
But I don’t seem to know how to create another account and usd this instead.
I only used the command “acme-client --vvAD”, which the man page says that creates a new account. I just used the same command as the above every time I try. I seem to remember the output said “(something) exists; not creating”. Can I just delete the existing account? How can I do so?

I would indeed try to do this. But I don't know where this client saves its data.

Thank you bytecamp. I seem to have deleted the account and enter the command again, and I now get the error/line that I got at my first attemp:
"does not match current agreement URL"
Would you let me know anything about it?

I mean, about this error: “does not match current agreement URL”

It sounds like the client is trying to use an old version of the subscriber agreement.

Most clients either automatically detect the latest subscriber agreement, or at least have been updated to hardcode the current one.

I'm not sure how acme-client works.

Check to see if you can upgrade it, or try passing "-a".


Edit again:

For future reference, the first issue discusses current ways to automatically get the current subscriber agreement URL.

One of them is to download -- and it's just JSON, so you can open and read it in a browser -- and use the terms-of-service element.

I don't know if the ACME v2 API will change things, though.

1 Like

ACMEv2's new-account requests only have to send a termsOfServiceAgreed: yes value, not the subscriber agreement URL they are agreeing to. I suspect this will make everyone's lives easier :slight_smile:

1 Like

Thank you indeed, bytecamp, mnordhoff, and cpu!
You guys really really helped me a lot. Also provided me with good information, I can’t express how much I appreciated your help.
I am looking into some other issue but seem to have solved the errors issue yesterday, shortly after reading those replies, by adjusting the lines regarding the URL in the configuration file. If I have other errors or so I’ll write again.

I’m a bit worried if such ‘unsuccessful’ attepts also count by the Rate Limits, in any way. Kindly clarify me, if any one can.

Thank you indeed again!

1 Like

It's fine. Let's Encrypt's rate limits are documented here:

The new-reg endpoint has a limit of 20 requests per second, and successful account creations have a limit, but as long as you're not DoSing the service, a reasonable number of unsuccessful registration attempts should be fine. :slightly_smiling_face:

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.