diff --git a/lib/accounts.js b/lib/accounts.js
index a4f3d3a..7f8f235 100644
--- a/lib/accounts.js
+++ b/lib/accounts.js
@@ -12,10 +12,8 @@ function createAccount(args, handlers) {
   var os = require("os");
   var localname = os.hostname();
 
-  // TODO support ECDSA
   // arg.rsaBitLength args.rsaExponent
-  return RSA.generateKeypairAsync(args.rsaKeySize || 1024, 65537, { public: true, pem: true }).then(function (keypair) {
-    /* keypair = { privateKeyPem, privateKeyJwk, publicKeyPem } */
+  return RSA.generateKeypairAsync(args.rsaKeySize || 2048, 65537, { public: true, pem: true }).then(function (keypair) {
 
     return LeCore.registerNewAccountAsync({
       email: args.email
diff --git a/lib/core.js b/lib/core.js
index b94852f..aa2b4b5 100644
--- a/lib/core.js
+++ b/lib/core.js
@@ -8,7 +8,6 @@ var fs = PromiseA.promisifyAll(require('fs'));
 var sfs = require('safe-replace');
 var LE = require('../');
 var LeCore = PromiseA.promisifyAll(require('letiny-core'));
-var leCrypto = PromiseA.promisifyAll(LeCore.leCrypto);
 var Accounts = require('./accounts');
 
 var merge = require('./common').merge;
@@ -199,7 +198,7 @@ function writeCertificateAsync(args, defaults, handlers) {
     , sfs.writeFileAsync(
         privkeyArchive
         // TODO nix args.key, args.domainPrivateKeyPem ??
-      , (result.privkey || result.key) || RSA.exportPrivateKey(args.domainKeypair)
+      , (result.privkey || result.key) || RSA.exportPrivatePem(args.domainKeypair)
       , 'ascii'
       )
     ]);
@@ -213,7 +212,7 @@ function writeCertificateAsync(args, defaults, handlers) {
     , sfs.writeFileAsync(
         privkeyPath
         // TODO nix args.key, args.domainPrivateKeyPem ??
-      , (result.privkey || result.key) || RSA.exportPrivateKey(args.domainKeypair)
+      , (result.privkey || result.key) || RSA.exportPrivatePem(args.domainKeypair)
       , 'ascii'
       )
     ]);
@@ -235,7 +234,7 @@ function writeCertificateAsync(args, defaults, handlers) {
 
       // TODO nix args.key, args.domainPrivateKeyPem ??
       // some ambiguity here...
-    , privkey: (result.privkey || result.key) || RSA.exportPrivateKey(args.domainKeypair)
+    , privkey: (result.privkey || result.key) || RSA.exportPrivatePem(args.domainKeypair)
     , fullchain: result.fullchain || (result.cert + '\n' + result.chain)
     , chain:  (result.chain || result.ca)
       // especially this one... might be cert only, might be fullchain
@@ -254,15 +253,25 @@ function getCertificateAsync(args, defaults, handlers) {
 
   if (!args.domainKeyPath) {
     // TODO use default path ???
+    if (args.debug) {
+      console.log('[domainKeyPath]: none');
+    }
     promise = RSA.generateKeypairAsync(args.rsaKeySize, 65537, keypairOpts);
   }
 
   if (args.domainKeyPath) {
+    if (args.debug) {
+      console.log('[domainKeyPath]:', args.domainKeyPath);
+    }
     promise = fs.readFileAsync(args.domainKeyPath, 'ascii').then(function (pem) {
       return RSA.import({ privateKeyPem: pem });
-    }, function (err) {
+    }, function (/*err*/) {
       return RSA.generateKeypairAsync(args.rsaKeySize, 65537, keypairOpts).then(function (keypair) {
-        return fs.writeFileAsync(args.domainKeyPath, keypair.privateKeyPem, 'ascii');
+        return mkdirpAsync(path.dirname(args.domainKeyPath)).then(function () {
+          return fs.writeFileAsync(args.domainKeyPath, keypair.privateKeyPem, 'ascii').then(function () {
+            return keypair;
+          });
+        });
       });
     });
   }