I didn't realize you were the author! I figured out that I made a mistake by using the same key pair for Steps 1 and 2. The LetsEncrypt API returned an error that told me to use a different key for the CSR, and once I did that it worked.
Reading back through your instructions, I don't know how you could be more clear that ACCOUNT.KEY and DOMAIN.KEY should be different. It's just my fault for not reading slowly enough. :)
Thanks a bunch for making this tool, it made everything simple.
I don't get it. What is the domain key here?
I tried to read the instructions but all of it said that the signing should be done with account private key.
Ok I got confused because tried to simultaneously read how to make the certificate using Amazon AWS documentation, and seems I skipped one crucial part.
Did you figure it out? You need two different keys: the account.key and the domain.key. For most of the steps you will use the account.key to sign, but the Certificate Signing Request will use the domain.key to sign.
https://github.com/diafygi/gethttpsforfree