var accountKeypair = await Keypairs.generate({ kty: accKty });
	if (config.debug) {
		console.info('Account Key Created');
		console.info(JSON.stringify(accountKeypair, null, 2));
		console.info();
		console.info();
	}

	var account = await acme.accounts.create({
		agreeToTerms: agree,
		// TODO detect jwk/pem/der?
		accountKeypair: { privateKeyJwk: accountKeypair.private },
		subscriberEmail: config.email
	});

	// TODO top-level agree
	function agree(tos) {
		if (config.debug) {
			console.info('Agreeing to Terms of Service:');
			console.info(tos);
			console.info();
			console.info();
		}
		agreed = true;
		return Promise.resolve(tos);
	}
	if (config.debug) {
		console.info('New Subscriber Account');
		console.info(JSON.stringify(account, null, 2));
		console.info();
		console.info();
	}
	if (!agreed) {
		throw new Error('Failed to ask the user to agree to terms');
	}

	var certKeypair = await Keypairs.generate({ kty: srvKty });
	var pem = await Keypairs.export({
		jwk: certKeypair.private,
		encoding: 'pem'
	});
	if (config.debug) {
		console.info('Server Key Created');
		console.info('privkey.jwk.json');
		console.info(JSON.stringify(certKeypair, null, 2));
		// This should be saved as `privkey.pem`
		console.info();
		console.info('privkey.' + srvKty.toLowerCase() + '.pem:');
		console.info(pem);
		console.info();
	}

	// 'subject' should be first in list
	var domains = randomDomains(rnd);
	if (config.debug) {
		console.info('Get certificates for random domains:');
		console.info(
			domains
				.map(function(puny) {
					var uni = punycode.toUnicode(puny);
					if (puny !== uni) {
						return puny + ' (' + uni + ')';
					}
					return puny;
				})
				.join('\n')
		);
		console.info();
	}

	// Create CSR
	var csrDer = await CSR.csr({
		jwk: certKeypair.private,
		domains: domains,
		encoding: 'der'
	});
	var csr = Enc.bufToUrlBase64(csrDer);
	var csrPem = PEM.packBlock({
		type: 'CERTIFICATE REQUEST',
		bytes: csrDer /* { jwk: jwk, domains: opts.domains } */
	});
	if (config.debug) {
		console.info('Certificate Signing Request');
		console.info(csrPem);
		console.info();
	}

	var results = await acme.certificates.create({
		account: account,
		accountKeypair: { privateKeyJwk: accountKeypair.private },
		csr: csr,
		domains: domains,
		challenges: challenges, // must be implemented
		customerEmail: null
	});