Not sure if this is more of a ZeroSSL thing or an ACMEv2 thing, but I’m trying out ZeroSSL’s portable win64 client to generate a wildcard cert (v 0.30) and it keeps failing at ‘must agree to terms of service’. I can find no standard command to agree unattended, and there’s no popup or prompt. What am I missing?
This is an initial registration so I’m including an email addr. intent is to have ECC keys generated. All files (except the cert) generate fine. The following is latest example (redacted):
2018/03/16 11:26:23 [ ZeroSSL Crypt::LE client v0.30 started. ]
2018/03/16 11:26:23 Loading an account key from account.key
2018/03/16 11:26:23 Loading a CSR from star.domain.com.csr
2018/03/16 11:26:26 Registering the account key
2018/03/16 11:26:26 must agree to terms of service
This is likely to happen only when new account key gets created and only against the API v2. This is going to be fixed in the version 0.31, which is already being tested and should be released either later today or tomorrow. Meanwhile re-running the client might make that issue go away.
It will fail because api 1 doesn't support wildcards but it will register your account and will agreed the terms, now just change -api 1 to -api 2 and try again:
Thanks for your response - I went ahead and generated an account using ACME V1 for a different domain we own, it allowed the key to be registered, then I tried the above command again, key already registered, seems to go through now with *.domain.com request now.
Great workaround suggested with flipping api to 1 and back btw This should be fixed shortly. Previously in v1 new-reg would have successfully created an account without the terms agreed and then the next call would be to actually agree to TOS. In v2 newAccount errors back though if TOS is not accepted within that call, which basically makes agreeing to TOS as a separate step obsolete. Not entirely sure if that approach is better, but perhaps it allows avoiding having too many "incomplete" accounts...