A magic solution for Acme.sh register account error

Using acme.sh. If while issuing SSL errors like these are displayed: Usage: _hmac hashalg secret [outputhex] and Register account Error: {“type”:”urn:ietf:params:acme:error:malformed”,”status”:400,”detail”, here is the magic solution.

See an example below and the method on how it should be solved.


curl https://get.acme.sh | sh -s email=email@example.com

Results: OK


acme.sh --force --issue -d example.com -d www.example.com -w /home/username/public_html


Using CA: https://acme.zerossl.com/v2/DV90
Create account key ok.
No EAB credentials found for ZeroSSL, let's get one
Usage: _hmac hashalg secret [outputhex]
Registering account: https://acme.zerossl.com/v2/DV90
Register account Error: {"type":"urn:ietf:params:acme:error:malformed","status":400,"detail":"[External Account Binding] The JWS Signature MUST be present"}
Please add '--debug' or '--log' to check more details.
See: https://github.com/acmesh-official/acme.sh/wiki/How-to-debug-acme.sh

acme.sh error


Reason: The acme.sh changed default CA to ZeroSSL on August  2021

Magic solution:

You can resolve this by requesting ZeroSSL support for account creation. Also on the official ZeroSSL website you can create an account and generate a free ssl without the need for shell commands.

But if you want to continue with Let’s encrypt as before here is the solution:

acme.sh --set-default-ca --server letsencrypt

What needs to be done next:

Repeat all steps to issue and deploy Let’s encrypt SSL for your domain. Click this link for details.

acme.sh ssl success