diff --git a/lib/letsencrypt-forge-extra.js b/lib/letsencrypt-forge-extra.js
index 058f988..8058255 100644
--- a/lib/letsencrypt-forge-extra.js
+++ b/lib/letsencrypt-forge-extra.js
@@ -55,7 +55,9 @@ function generateRsaKeypair(bitlen, exp, cb) {
   , privateKeyPem: pki.privateKeyToPem(keypair.privateKey)  // ascii PEM: ----BEGIN...
   };
 
-  // I would have chosen sha1 or sha2... but whatever
+  // for account id
+  pems.publicKeySha256 = crypto.createHash('sha256').update(pems.publicKeyPem).digest('hex');
+  // for compat with python client account id
   pems.publicKeyMd5 = crypto.createHash('md5').update(pems.publicKeyPem).digest('hex');
   // json { n: ..., e: ..., iq: ..., etc }
   pems.privateKeyJwk = toAcmePrivateKey(keypair.privateKey);
diff --git a/lib/letsencrypt-ursa.js b/lib/letsencrypt-ursa.js
index b0cecd8..ae8cd63 100644
--- a/lib/letsencrypt-ursa.js
+++ b/lib/letsencrypt-ursa.js
@@ -36,7 +36,9 @@ function generateRsaKeypair(bitlen, exp, cb) {
   , privateKeyPem: keypair.toPrivatePem().toString('ascii') // ascii PEM: ----BEGIN...
   };
 
-  // I would have chosen sha1 or sha2... but whatever
+  // for account id
+  pems.publicKeySha256 = crypto.createHash('sha256').update(pems.publicKeyPem).digest('hex');
+  // for compat with python client account id
   pems.publicKeyMd5 = crypto.createHash('md5').update(pems.publicKeyPem).digest('hex');
   // json { n: ..., e: ..., iq: ..., etc }
   pems.privateKeyJwk = toAcmePrivateKey(pems.privateKeyPem);