Using acme.sh. If while issuing SSL errors like these are displayed: Usage: _hmac hashalg secret [outputhex] and Register account Error: {“type”:”urn:ietf:params:acme:error:malformed”,”status”:400,”detail”, here is the magic solution.
See an example below and the method on how it should be solved.
Trying:
curl https://get.acme.sh | sh -s [email protected]
Results: OK
Trying:
acme.sh --force --issue -d example.com -d www.example.com -w /home/username/public_html
Results:
Using CA: https://acme.zerossl.com/v2/DV90 Create account key ok. No EAB credentials found for ZeroSSL, let's get one Usage: _hmac hashalg secret [outputhex] Registering account: https://acme.zerossl.com/v2/DV90 Register account Error: {"type":"urn:ietf:params:acme:error:malformed","status":400,"detail":"[External Account Binding] The JWS Signature MUST be present"} Please add '--debug' or '--log' to check more details. See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
Reason: The acme.sh changed default CA to ZeroSSL on August 2021
Magic solution:
You can resolve this by requesting ZeroSSL support for account creation. Also on the official ZeroSSL website you can create an account and generate a free ssl without the need for shell commands.
But if you want to continue with Let’s encrypt as before here is the solution:
acme.sh --set-default-ca --server letsencrypt
What needs to be done next:
Repeat all steps to issue and deploy Let’s encrypt SSL for your domain. Click this link for details.
