Technically, the Account instance is all you need to proceed with the certification process.

However, you certainly want to come back later, for example if you want to renew a certificate. This is when you need to log into your existing CA account.

Logging into an Account

You get a Login object by providing your account information to the session:

KeyPair accountKeyPair = ... // account's key pair
URL accountLocationUrl = ... // account's URL

Login login = session.login(accountLocationUrl, accountKeyPair);

Now you can simply get your Account instance from the Login:

Account account = login.getAccount();


It is possible to have multiple Logins to different accounts per session. This is useful if your software handles the certificates of more than one account.

Login on Creation

If it is more convenient to you, you can also get a ready to use Login object from the AccountBuilder when creating a new account:

Login login = new AccountBuilder()

URL accountLocationUrl = login.getAccountLocation();
Account account = login.getAccount();

Resource Binding

If you know the URL of an ACME resource, you can bind it to a Login instance and get a resource object. The resource must be related to the account that is logged in.

For example, this is the way to get an Authorization object from an authorization URL:

URL authorizationURL = ... // authorization URL

Authorization auth = login.bindAuthorization(authorizationURL);

You can bind Authorization, Certificate, Order, and Challenge resources that way. To get the resource URL, use the getLocation() method of the resource object.


All resource objects are serializable, so the current state of the object can be frozen by Java's serialization mechanism.

However the Login the object is bound with is not serialized! The reason is that besides volatile data, the Login object contains a copy of your private key. Not serializing it prevents that you unintentionally reveal your private key in a place with lowered access restrictions.

This means that a deserialized object is not bound to a Login yet. It is required to rebind it to a Login, by invoking the rebind() method of the resource object.


Serialization is only meant for short term storage at runtime, not for long term persistence. For long term persistence, store the location URL of the resource, then bind it at later time like mentioned above.


Do not share serialized data between different versions of acme4j.