Feature Overview

Per RFC8555 Section 7.3.4, server may require an existing account in a non-ACME system during the account registration.

We need to support configuring the external account key and adding a signed externalAccountBinding field to the registration request. It is specified that the signature algorithm for the new field is MAC-based, but there is no list of required or allowed JWS algorithms. Some research is needed to determine what algorithms are commonly required by ACME servers and have to be implemented.

The example in RFC8555 uses HS256. ZeroSSL also seems to require HMAC SHA family of algorithms.

Alternatives Considered

No response

Additional Context

No response