Step 1 and 2 worked fine but in step 3 I get the following error:

Error: Account registration failed. Please start back at Step 1. { "type": "urn:ietf:params:acme:error:badNonce", "detail": "JWS has an invalid anti-replay nonce: "0103QwMp1UWXcX5B5sSQBIDWzJL5ak3waWsArRm_875tX3A"", "status": 400 }

I tried a second time and got the following error:

Error: Account registration failed. Please start back at Step 1. { "type": "urn:ietf:params:acme:error:malformed", "detail": "JWS verification error", "status": 400 }

I entered the single line output of the echo -n "eyJ1...1ZX0" | openssl dgst -sha256 -hex -sign $PRIV_KEY" command as:
(stdin)= 1a7f....0835
(actual full strings shortened here for brevity).

Maybe the nonce part of the ACME protocol changed or something?

I'm facing exact same issue

same here ..

same...

me too

Same error as well. Appears that site is indeed broken at step 3

For anyone looking for another solution to create a certificate manually on your local computer, you can use Certbot with the --manual flag & dns validation, as explained here https://help.datica.com/hc/en-us/articles/360044373551-Creating-and-Deploying-a-LetsEncrypt-Certificate-Manually

You may need to change your network interface's MTU size if certbot returns "connection reset", as explained here https://community.letsencrypt.org/t/error-coming-through-when-trying-to-get-ssl-verified-with-my-domain/118654/9

This happens to me when trying to use the wrong account public key for the domain im trying to generate a cert for. Generating a new public key works for me in this case.

I finally managed to get the certificate with https://gethttpsforfree.com/
Here are the issues I faced if someone else want to get Lets Encrypt Certificate (without Certbot)

1. You will have to generate two certificates. account and the one for your domain. For the latter one you generate the CSR. Remember to give the domain you are using it for and your email. (Don't know if anything else is important)

sudo openssl genrsa -out account.key 2048
sudo openssl rsa -in account.key -pubout -out account_public.key
sudo openssl genrsa -out domain.key 2048
sudo openssl rsa -in domain.key -pubout -out domain_public.key
sudo openssl req -new -key domain.key -out domain.csr

2. You have to be fast (it is so silly but true) There are plenty of steps you have to paste (stdin)=bd0d8554... staff and for some reason it have to be done fast.
3. (stdin)=bd0d8554... staff was also containing line breaks when copied, so I have to paste them first to editor and remove them
4. Don't know it the Verify Ownership with DNS record have to be fast. But it is the same when trying again (with same cert), so second time you can just "I can see the TXT record" immediately
5. Finally when you receive your cert there are 3 of them. The domain one is the first one. And it was working with my https API
6. When done manually like this, I think it have to be done again after 90 days. (So doing everything with certbot so that it will automate renewal might be good idea at least for long run)

But just that you know gethttpsforfree is working 2022! Even the repo is quite inactive.

I finally managed
...
2. You have to be fast (it is so silly but true)

Non-working script, idiotic geek-shmick "free" CA with install method not working for the most of the people :( Wasted a lot of time, got NOTHING :(

How "fast" I should be?! What the idiotic suggestion?!

Non-working script, idiotic geek-shmick "free" CA with install method not working for the most of the people :( Wasted a lot of time, got NOTHING :(

How "fast" I should be?! What the idiotic suggestion?!

I feel you @sensboston. I had so many frustration while doing this. Still don't understand why sharing my usage experiences here are idiotic?

I just wanted to describe to others how I finally was able to use this successfully. I think i made it clear it was not easy and sure it is almost impossible to use but I managed to do so with these instructions.

It is not my fault the process is buggy but I noticed that it works if the steps is executed in fast enough pace. I don't have any absolute time frame. Fast enough for me was when it didn't fail anymore. It did fail so many times either because of this or copy/paste error that I also thought it didn't work. Just wanted try "just one more time" enough times.

Still don't understand why sharing my usage experiences here are idiotic?

Simple because of this:

You have to be fast (it is so silly but true)

Yes, it's silly and idiotic, software world isn't working this way. And try to tell your idiotic (yes, it's IDIOTIC!) suggestions to the people with disability, to push 'em retry process without any chance of luck :(

... if the steps is executed in fast enough pace. I don't have any absolute time frame. Fast enough for me was when it didn't fail anymore.

Double, triple IDIOTIC!

Yes, it's silly and idiotic, software world isn't working this way. And try to tell your idiotic (yes, it's IDIOTIC!) suggestions to the people with disability, to push 'em retry process without any chance of luck :(

You're being rude because you blame on me that you wasted your time. If software world is never time dependent and my suggestions were so idiotic why did you decide to try... actually i don't want to know.

For everyone else I want to tell that I have successfully used this 3-4 times and always it fails a couple of times when I am not fast enough with my copy/paste. So it is up to everyone if you want to give a chance for this. Cannot recommend but if you don't have any other solution... maybe you get it to work like me.

Double, triple IDIOTIC!

I understand your frustration at your time being wasted and maybe it's a language barrier issue, but you are being a bit rude & entitled to someone who's sharing his experience to help others for free.

The code is free and open, you're welcome to fix it if you feel so strongly about it.

If you encounter problems, you can try my webpage: https://xiangyuecn.github.io/ACME-HTML-Web-Browser-Client/ACME-HTML-Web-Browser-Client.html