
eab command line parameters ignored if certificate issued with implicit new account #6249

Open
smfgh opened this issue Feb 26, 2025 · 2 comments

Comments

@smfgh

smfgh commented Feb 26, 2025

Thanks for this nice script!

If a certificate should be issued and there is no account, the account is created. If there are eab credentials, they are ignored. If the account is created explicitly, the eab credentials are used correctly.

IMHO inside the issue function (script line 4503) there is
if ! _regAccount "$_accountkeylength"; then
which ignores the command line parameters --eab-kid and --eab-hmac-key. The other calls to _regAccount look like
_regAccount "$_account_key_length" "$_eab_id" "$_eab_hmac_key"
and so line 4503 should be more like
if ! _regAccount "$_accountkeylength" "$_eab_id" "$_eab_hmac_key"; then
or
if ! _regAccount "$_accountkeylength" "$_eab_kid" "$_eab_hmac_key"; then
as the variable is sometimes called _eab_id and sometimes _eab_kid.
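What goes missing when the EAB arguments are dropped is the external account binding of RFC 8555 section 7.3.4: a JWS in the newAccount payload whose payload is the account's public JWK and whose MAC is computed with the CA-issued HMAC key, under the CA-issued key identifier. The script below is an added example, not acme.sh code: it builds that binding, verifies it the way a CA would, and models the two call sites from this report, so that dropping the EAB arguments produces the bare {"termsOfServiceAgreed": true} payload and the externalAccountRequired error seen in the debug log. The directory JSON, EAB kid and HMAC key are the values from the reporter's localhost test run; the account JWK coordinates are constructed placeholders, and all function names are my own.

```python
import base64
import hashlib
import hmac
import json

# Values from the bug report's test run against a local ACME server.
NEW_ACCOUNT_URL = "https://localhost:8000/acme/new-acct"
EAB_KID = "GD-VvWydSVFuss_GhBwYQQ"
EAB_HMAC_KEY = "MjXU3MH-Z0WQ7piMAnVsCpD1shgMiWx6ggPWiTmydgUaj7dWWWfQfA"
DIRECTORY = json.loads(
    '{"newNonce":"https://localhost:8000/acme/new-nonce",'
    '"newOrder":"https://localhost:8000/acme/new-order",'
    '"newAccount":"https://localhost:8000/acme/new-acct",'
    '"meta":{"website":"https://localhost:8000","externalAccountRequired":true,'
    '"termsOfService":"https://localhost:8000"}}'
)
# Constructed P-256 public JWK standing in for the freshly created account key;
# the coordinates are placeholders, not a real key.
ACCOUNT_JWK = {"crv": "P-256", "kty": "EC", "x": "x" * 43, "y": "y" * 43}

ERR_EAB_REQUIRED = "urn:ietf:params:acme:error:externalAccountRequired"


def b64url(data: bytes) -> str:
    """Unpadded base64url, as JOSE requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Inverse of b64url; restores the padding that JOSE strips."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def canonical_json(obj) -> bytes:
    return json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()


def build_eab(account_jwk, eab_kid, eab_hmac_key, new_account_url):
    """Client side: HS256 JWS over the account JWK, keyed with the CA's MAC key.
    The protected header names the CA-issued kid and the newAccount URL."""
    protected = b64url(canonical_json({"alg": "HS256", "kid": eab_kid, "url": new_account_url}))
    payload = b64url(canonical_json(account_jwk))
    mac = hmac.new(b64url_decode(eab_hmac_key), f"{protected}.{payload}".encode(), hashlib.sha256).digest()
    return {"protected": protected, "payload": payload, "signature": b64url(mac)}


def verify_eab(eab, account_jwk, eab_kid, eab_hmac_key, new_account_url) -> bool:
    """CA side: header must carry HS256, the known kid and the right URL; the MAC
    must verify under the key stored for that kid; the bound JWK must be the
    key that signs the outer newAccount request."""
    try:
        header = json.loads(b64url_decode(eab["protected"]))
        bound_jwk = json.loads(b64url_decode(eab["payload"]))
        given_mac = b64url_decode(eab["signature"])
    except (KeyError, ValueError):
        return False
    if header.get("alg") != "HS256" or header.get("kid") != eab_kid or header.get("url") != new_account_url:
        return False
    expected = hmac.new(b64url_decode(eab_hmac_key), f"{eab['protected']}.{eab['payload']}".encode(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, given_mac) and bound_jwk == account_jwk


def new_account_payload(account_jwk, eab_kid="", eab_hmac_key="", new_account_url=NEW_ACCOUNT_URL):
    """Models the two call sites in the report: with the EAB arguments passed the
    binding is included; with them dropped (empty, as after
    _regAccount "$_accountkeylength") the payload degrades to the bare
    {"termsOfServiceAgreed": true} recorded in the debug log."""
    payload = {"termsOfServiceAgreed": True}
    if eab_kid and eab_hmac_key:
        payload["externalAccountBinding"] = build_eab(account_jwk, eab_kid, eab_hmac_key, new_account_url)
    return payload


def expected_registration_error(directory, payload):
    """Predict the CA's answer from its directory: a CA advertising
    meta.externalAccountRequired rejects a newAccount without the binding."""
    requires_eab = bool(directory.get("meta", {}).get("externalAccountRequired"))
    if requires_eab and "externalAccountBinding" not in payload:
        return ERR_EAB_REQUIRED
    return None


if __name__ == "__main__":
    implicit = new_account_payload(ACCOUNT_JWK)                       # EAB args dropped
    explicit = new_account_payload(ACCOUNT_JWK, EAB_KID, EAB_HMAC_KEY)  # EAB args passed
    print("implicit account:", expected_registration_error(DIRECTORY, implicit))
    print("explicit account:", expected_registration_error(DIRECTORY, explicit))
    print("binding verifies:", verify_eab(explicit["externalAccountBinding"], ACCOUNT_JWK,
                                          EAB_KID, EAB_HMAC_KEY, NEW_ACCOUNT_URL))
```

The directory's meta.externalAccountRequired flag is what makes this a hard failure rather than a silent one: a client that reads the flag can refuse to attempt registration without EAB credentials instead of sending a request the CA is guaranteed to reject. The CA-side check uses a constant-time comparison for the MAC and ties the bound JWK to the account key, which is what stops an account from being registered under someone else's external account identifier.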


Please upgrade to the latest code and try again first. Maybe it's already fixed. acme.sh --upgrade If it's still not working, please provide the log with --debug 2, otherwise, nobody can help you.

@smfgh

smfgh commented Feb 26, 2025

output of ./acme.sh --test --debug 2 --eab-kid "GD-VvWydSVFuss_GhBwYQQ" --eab-hmac-key "MjXU3MH-Z0WQ7piMAnVsCpD1shgMiWx6ggPWiTmydgUaj7dWWWfQfA" --output-insecure --insecure --server https://localhost:8000/acme/directory --stateless --issue --domain mytest.example.org is:
[Mi 26. Feb 21:36:07 CET 2025] _is_idn_d='mytest.example.org'
[Mi 26. Feb 21:36:07 CET 2025] _idn_temp
[Mi 26. Feb 21:36:07 CET 2025] _selectServer try snames='zerossl.com,zerossl'
[Mi 26. Feb 21:36:07 CET 2025] _selectServer try snames='letsencrypt.org,letsencrypt'
[Mi 26. Feb 21:36:07 CET 2025] _selectServer try snames='letsencrypt.org_test,letsencrypt_test,letsencrypttest'
[Mi 26. Feb 21:36:07 CET 2025] _selectServer try snames='buypass.com,buypass'
[Mi 26. Feb 21:36:07 CET 2025] _selectServer try snames='buypass.com_test,buypass_test,buypasstest'
[Mi 26. Feb 21:36:07 CET 2025] _selectServer try snames='ssl.com,sslcom'
[Mi 26. Feb 21:36:07 CET 2025] _selectServer try snames='google.com,google'
[Mi 26. Feb 21:36:07 CET 2025] _selectServer try snames='google.com_test,googletest,google_test'
[Mi 26. Feb 21:36:07 CET 2025] Let's find the script directory.
[Mi 26. Feb 21:36:07 CET 2025] _SCRIPT_='./acme.sh'
[Mi 26. Feb 21:36:07 CET 2025] _script='/testdir/tmp/acme.sh'
[Mi 26. Feb 21:36:07 CET 2025] _script_home='/testdir/tmp'
[Mi 26. Feb 21:36:07 CET 2025] Using default home: /testdir/.acme.sh
[Mi 26. Feb 21:36:07 CET 2025] Using config home: /testdir/.acme.sh
[Mi 26. Feb 21:36:07 CET 2025] LE_WORKING_DIR='/testdir/.acme.sh'
https://github.com/acmesh-official/acme.sh
v3.1.0
[Mi 26. Feb 21:36:07 CET 2025] Using server: https://localhost:8000/acme/directory
[Mi 26. Feb 21:36:07 CET 2025] Running cmd: issue
[Mi 26. Feb 21:36:07 CET 2025] _main_domain='mytest.example.org'
[Mi 26. Feb 21:36:07 CET 2025] _alt_domains='no'
[Mi 26. Feb 21:36:07 CET 2025] Using config home: /testdir/.acme.sh
[Mi 26. Feb 21:36:07 CET 2025] ACME_DIRECTORY='https://localhost:8000/acme/directory'
[Mi 26. Feb 21:36:07 CET 2025] _ACME_SERVER_HOST='localhost'
[Mi 26. Feb 21:36:07 CET 2025] _ACME_SERVER_PATH='acme/directory'
[Mi 26. Feb 21:36:07 CET 2025] DOMAIN_PATH='/testdir/.acme.sh/mytest.example.org_ecc'
[Mi 26. Feb 21:36:08 CET 2025] 'stateless' does not contain 'dns'
[Mi 26. Feb 21:36:08 CET 2025] Using ACME_DIRECTORY: https://localhost:8000/acme/directory
[Mi 26. Feb 21:36:08 CET 2025] _init API for server: https://localhost:8000/acme/directory
[Mi 26. Feb 21:36:08 CET 2025] GET
[Mi 26. Feb 21:36:08 CET 2025] url='https://localhost:8000/acme/directory'
[Mi 26. Feb 21:36:08 CET 2025] timeout=
[Mi 26. Feb 21:36:08 CET 2025] _CURL='curl --silent --dump-header /testdir/.acme.sh/http.header -L --trace-ascii /tmp/tmp.CK3JGWNwhw -g --insecure '
[Mi 26. Feb 21:36:08 CET 2025] ret='0'
[Mi 26. Feb 21:36:08 CET 2025] response='{"newNonce":"https://localhost:8000/acme/new-nonce","newOrder":"https://localhost:8000/acme/new-order","newAccount":"https://localhost:8000/acme/new-acct","meta":{"website":"https://localhost:8000","externalAccountRequired":true,"termsOfService":"https://localhost:8000"}}'
[Mi 26. Feb 21:36:08 CET 2025] ACME_KEY_CHANGE
[Mi 26. Feb 21:36:08 CET 2025] ACME_NEW_AUTHZ
[Mi 26. Feb 21:36:08 CET 2025] ACME_NEW_ORDER='https://localhost:8000/acme/new-order'
[Mi 26. Feb 21:36:08 CET 2025] ACME_NEW_ACCOUNT='https://localhost:8000/acme/new-acct'
[Mi 26. Feb 21:36:08 CET 2025] ACME_REVOKE_CERT
[Mi 26. Feb 21:36:08 CET 2025] ACME_AGREEMENT='...'
[Mi 26. Feb 21:36:08 CET 2025] ACME_NEW_NONCE='https://localhost:8000/acme/new-nonce'
[Mi 26. Feb 21:36:08 CET 2025] Using CA: https://localhost:8000/acme/directory
[Mi 26. Feb 21:36:08 CET 2025] _on_before_issue
[Mi 26. Feb 21:36:08 CET 2025] _chk_main_domain='mytest.example.org'
[Mi 26. Feb 21:36:08 CET 2025] _chk_alt_domains
[Mi 26. Feb 21:36:08 CET 2025] 'stateless' does not contain 'no'
[Mi 26. Feb 21:36:08 CET 2025] Le_LocalAddress
[Mi 26. Feb 21:36:08 CET 2025] d='mytest.example.org'
[Mi 26. Feb 21:36:08 CET 2025] Checking for domain='mytest.example.org'
[Mi 26. Feb 21:36:08 CET 2025] _currentRoot='stateless'
[Mi 26. Feb 21:36:08 CET 2025] d
[Mi 26. Feb 21:36:08 CET 2025] 'stateless' does not contain 'apache'
[Mi 26. Feb 21:36:08 CET 2025] Config file is empty, cannot read CA_KEY_HASH
[Mi 26. Feb 21:36:08 CET 2025] _saved_account_key_hash
[Mi 26. Feb 21:36:08 CET 2025] Using config home: /testdir/.acme.sh
[Mi 26. Feb 21:36:08 CET 2025] ACME_DIRECTORY='https://localhost:8000/acme/directory'
[Mi 26. Feb 21:36:08 CET 2025] _ACME_SERVER_HOST='localhost'
[Mi 26. Feb 21:36:08 CET 2025] _ACME_SERVER_PATH='acme/directory'
[Mi 26. Feb 21:36:08 CET 2025] _init API for server: https://localhost:8000/acme/directory
[Mi 26. Feb 21:36:08 CET 2025] length='ec-256'
[Mi 26. Feb 21:36:08 CET 2025] Using config home: /testdir/.acme.sh
[Mi 26. Feb 21:36:08 CET 2025] ACME_DIRECTORY='https://localhost:8000/acme/directory'
[Mi 26. Feb 21:36:08 CET 2025] _ACME_SERVER_HOST='localhost'
[Mi 26. Feb 21:36:08 CET 2025] _ACME_SERVER_PATH='acme/directory'
[Mi 26. Feb 21:36:08 CET 2025] _createkey for file:/testdir/.acme.sh/ca/localhost/acme/directory/account.key
[Mi 26. Feb 21:36:08 CET 2025] Using length 256
[Mi 26. Feb 21:36:08 CET 2025] Using EC name: prime256v1
[Mi 26. Feb 21:36:08 CET 2025] Account key creation OK.
[Mi 26. Feb 21:36:08 CET 2025] EC key
[Mi 26. Feb 21:36:08 CET 2025] Config file is empty, cannot read CA_EAB_KEY_ID
[Mi 26. Feb 21:36:08 CET 2025] Config file is empty, cannot read CA_EAB_HMAC_KEY
[Mi 26. Feb 21:36:08 CET 2025] Config file is empty, cannot read CA_EMAIL
[Mi 26. Feb 21:36:08 CET 2025] Config file is empty, cannot read ACCOUNT_EMAIL
[Mi 26. Feb 21:36:08 CET 2025] Registering account: https://localhost:8000/acme/directory
[Mi 26. Feb 21:36:08 CET 2025] =======Sending Signed Request=======
[Mi 26. Feb 21:36:08 CET 2025] url='https://localhost:8000/acme/new-acct'
[Mi 26. Feb 21:36:08 CET 2025] payload='{"termsOfServiceAgreed": true}'
[Mi 26. Feb 21:36:08 CET 2025] Use cached jwk for file: /testdir/.acme.sh/ca/localhost/acme/directory/account.key
[Mi 26. Feb 21:36:08 CET 2025] Get nonce with HEAD. ACME_NEW_NONCE='https://localhost:8000/acme/new-nonce'
[Mi 26. Feb 21:36:08 CET 2025] HEAD
[Mi 26. Feb 21:36:08 CET 2025] _post_url='https://localhost:8000/acme/new-nonce'
[Mi 26. Feb 21:36:08 CET 2025] body
[Mi 26. Feb 21:36:08 CET 2025] _postContentType='application/jose+json'
[Mi 26. Feb 21:36:08 CET 2025] _CURL='curl --silent --dump-header /testdir/.acme.sh/http.header -L --trace-ascii /tmp/tmp.tYy9qFrCNo -g --insecure -I '
[Mi 26. Feb 21:36:08 CET 2025] _ret='0'
[Mi 26. Feb 21:36:08 CET 2025] _headers='HTTP/1.1 200 OK Date: Wed, 26 Feb 2025 20:36:08 GMT Replay-nonce: iUPBkMujlhJngYMHisGDRYKMhDFtc99T '
[Mi 26. Feb 21:36:08 CET 2025] nonce='iUPBkMujlhJngYMHisGDRYKMhDFtc99T'
[Mi 26. Feb 21:36:08 CET 2025] POST
[Mi 26. Feb 21:36:08 CET 2025] _post_url='https://localhost:8000/acme/new-acct'
[Mi 26. Feb 21:36:08 CET 2025] body='{"protected": "eyJub25jZSI6ICJpVVBCa011amxoSm5nWU1IaXNHRFJZS01oREZ0Yzk5VCIsICJ1cmwiOiAiaHR0cHM6Ly9sb2NhbGhvc3Q6ODAwMC9hY21lL25ldy1hY2N0IiwgImFsZyI6ICJFUzI1NiIsICJqd2siOiB7ImNydiI6ICJQLTI1NiIsICJrdHkiOiAiRUMiLCAieCI6ICJHMDc5aXV2aVJubHFJWjBHZjZqemZENXRLNTBJZ2s2SU5LaklzRmZ3VHUwIiwgInkiOiAiT1ZwLTFodi1mNXU1c2dlZnN4Q29nWlN4cHBucXFfLUlkQnZwWFRUMnAxYyJ9fQ", "payload": "eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6IHRydWV9", "signature": "z-0fnOgadh0Czi3vVTa1-3hM-JGVjTLzj48RZKc3fQteLWPdOp-pwM5jx9Md7Y4dnVSE-n6aiQWlSwkQfZAI1Q"}'
[Mi 26. Feb 21:36:08 CET 2025] _postContentType='application/jose+json'
[Mi 26. Feb 21:36:08 CET 2025] Http already initialized.
[Mi 26. Feb 21:36:08 CET 2025] _CURL='curl --silent --dump-header /testdir/.acme.sh/http.header -L --trace-ascii /tmp/tmp.tYy9qFrCNo -g --insecure '
[Mi 26. Feb 21:36:08 CET 2025] _ret='0'
[Mi 26. Feb 21:36:08 CET 2025] responseHeaders='HTTP/1.1 400 Bad Request Date: Wed, 26 Feb 2025 20:36:08 GMT Content-type: application/problem+json Replay-nonce: hOC2vkzkFpHfgZ6Q1SIlGfwiTe2HIfuQ Content-length: 120 '
[Mi 26. Feb 21:36:08 CET 2025] code='400'
[Mi 26. Feb 21:36:08 CET 2025] original='{"type":"urn:ietf:params:acme:error:externalAccountRequired","detail":"external account information missing or invalid"}'
[Mi 26. Feb 21:36:08 CET 2025] response='{"type":"urn:ietf:params:acme:error:externalAccountRequired","detail":"external account information missing or invalid"}'
[Mi 26. Feb 21:36:08 CET 2025] Account registration error: {"type":"urn:ietf:params:acme:error:externalAccountRequired","detail":"external account information missing or invalid"}
[Mi 26. Feb 21:36:08 CET 2025] _on_issue_err
[Mi 26. Feb 21:36:08 CET 2025] Please add '--debug' or '--log' to see more information.
[Mi 26. Feb 21:36:08 CET 2025] See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh
[Mi 26. Feb 21:36:08 CET 2025] _chk_vlist
[Mi 26. Feb 21:36:08 CET 2025] socat doesn't exist.
[Mi 26. Feb 21:36:08 CET 2025] Diagnosis versions: openssl:openssl OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022) Apache: Apache doesn't exist. nginx: nginx doesn't exist. socat:
