Switching from letsencrypt (client) to acme-client - where is my account key?












2















I started using letsencrypt when there was an "official" client called letsencrypt. I now want to change to acme-client - that is, the C implementation.



I think I manage to configure my sites, and find the certificates for them, but I get the error



acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 403
acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized",
"detail": "No registration exists matching provided key", "status": 403 }]
(120 bytes)


I don't think I got the account key right. Where did letsencrypt store that? I find a directory called /etc/letsencrypt/accounts, but below, there are no pem-files, only jsonwith strange content...



So my questions are:





  • Did letsencrypt store the account key in pem-format?




    • If so, where can I find it?


    • If not - is the key stored anywhere in a way that is transformable to pem-format?













share|improve this question





























    2















    I started using letsencrypt when there was an "official" client called letsencrypt. I now want to change to acme-client - that is, the C implementation.



    I think I manage to configure my sites, and find the certificates for them, but I get the error



    acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 403
    acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized",
    "detail": "No registration exists matching provided key", "status": 403 }]
    (120 bytes)


    I don't think I got the account key right. Where did letsencrypt store that? I find a directory called /etc/letsencrypt/accounts, but below, there are no pem-files, only jsonwith strange content...



    So my questions are:





    • Did letsencrypt store the account key in pem-format?




      • If so, where can I find it?


      • If not - is the key stored anywhere in a way that is transformable to pem-format?













    share|improve this question



























      2












      2








      2








      I started using letsencrypt when there was an "official" client called letsencrypt. I now want to change to acme-client - that is, the C implementation.



      I think I manage to configure my sites, and find the certificates for them, but I get the error



      acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 403
      acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized",
      "detail": "No registration exists matching provided key", "status": 403 }]
      (120 bytes)


      I don't think I got the account key right. Where did letsencrypt store that? I find a directory called /etc/letsencrypt/accounts, but below, there are no pem-files, only jsonwith strange content...



      So my questions are:





      • Did letsencrypt store the account key in pem-format?




        • If so, where can I find it?


        • If not - is the key stored anywhere in a way that is transformable to pem-format?













      share|improve this question
















      I started using letsencrypt when there was an "official" client called letsencrypt. I now want to change to acme-client - that is, the C implementation.



      I think I manage to configure my sites, and find the certificates for them, but I get the error



      acme-client: https://acme-v01.api.letsencrypt.org/acme/new-authz: bad HTTP: 403
      acme-client: transfer buffer: [{ "type": "urn:acme:error:unauthorized",
      "detail": "No registration exists matching provided key", "status": 403 }]
      (120 bytes)


      I don't think I got the account key right. Where did letsencrypt store that? I find a directory called /etc/letsencrypt/accounts, but below, there are no pem-files, only jsonwith strange content...



      So my questions are:





      • Did letsencrypt store the account key in pem-format?




        • If so, where can I find it?


        • If not - is the key stored anywhere in a way that is transformable to pem-format?










      letsencrypt






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Mar 5 at 9:22







      Bex

















      asked Jun 5 '17 at 8:48









      BexBex

      274214




      274214






















          1 Answer
          1






          active

          oldest

          votes


















          1














          Another solution, much easier, is to re-register the account using



          acme-client -DAvv <domain>


          after having opened port 80 and configured httpd to answer calls with the additional



          location "/.well-known/acme-challenge/*" { 
          root "/acme"
          root strip 2
          }





          share|improve this answer
























            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "106"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            autoActivateHeartbeat: false,
            convertImagesToLinks: false,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: null,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f369261%2fswitching-from-letsencrypt-client-to-acme-client-where-is-my-account-key%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            1 Answer
            1






            active

            oldest

            votes








            1 Answer
            1






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes









            1














            Another solution, much easier, is to re-register the account using



            acme-client -DAvv <domain>


            after having opened port 80 and configured httpd to answer calls with the additional



            location "/.well-known/acme-challenge/*" { 
            root "/acme"
            root strip 2
            }





            share|improve this answer




























              1














              Another solution, much easier, is to re-register the account using



              acme-client -DAvv <domain>


              after having opened port 80 and configured httpd to answer calls with the additional



              location "/.well-known/acme-challenge/*" { 
              root "/acme"
              root strip 2
              }





              share|improve this answer


























                1












                1








                1







                Another solution, much easier, is to re-register the account using



                acme-client -DAvv <domain>


                after having opened port 80 and configured httpd to answer calls with the additional



                location "/.well-known/acme-challenge/*" { 
                root "/acme"
                root strip 2
                }





                share|improve this answer













                Another solution, much easier, is to re-register the account using



                acme-client -DAvv <domain>


                after having opened port 80 and configured httpd to answer calls with the additional



                location "/.well-known/acme-challenge/*" { 
                root "/acme"
                root strip 2
                }






                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Jun 7 '17 at 6:42









                BexBex

                274214




                274214






























                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Unix & Linux Stack Exchange!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f369261%2fswitching-from-letsencrypt-client-to-acme-client-where-is-my-account-key%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    How to make a Squid Proxy server?

                    Is this a new Fibonacci Identity?

                    19世紀