diff --git a/README.md b/README.md index 70d4ebe..3849f8f 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ - `REDIRECT_RAW_INFO` (default: https://docs.codeberg.org/pages/raw-content/): info page for raw resources, shown if no resource is provided. - `ACME_API` (default: https://acme.zerossl.com/v2/DV90): set this to https://acme.mock.director to use invalid certificates without any verification (great for debugging). ZeroSSL is used as it doesn't have rate limits and doesn't clash with the official Codeberg certificates (which are using Let's Encrypt). - `ACME_EMAIL` (default: `noreply@example.email`): Set this to "true" to accept the Terms of Service of your ACME provider. +- `ACME_EAB_KID` & `ACME_EAB_HMAC` (default: don't use EAB): EAB credentials, for example for ZeroSSL. - `ACME_ACCEPT_TERMS` (default: use self-signed certificate): Set this to "true" to accept the Terms of Service of your ACME provider. - `DNS_PROVIDER` (default: use self-signed certificate): Code of the ACME DNS provider for the main domain wildcard. See https://go-acme.github.io/lego/dns/ for available values & additional environment variables. diff --git a/certificates.go b/certificates.go index 3ba6f9e..80edc34 100644 --- a/certificates.go +++ b/certificates.go 
@@ -204,11 +204,23 @@ func newAcmeClient(configureChallenge func(*resolver.SolverManager) error) *lego
 }
 // accept terms
- reg, err := acmeClient.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: os.Getenv("ACME_ACCEPT_TERMS") == "true"})
- if err != nil {
- panic(err)
+ if os.Getenv("ACME_EAB_KID") == "" || os.Getenv("ACME_EAB_HMAC") == "" {
+ reg, err := acmeClient.Registration.Register(registration.RegisterOptions{TermsOfServiceAgreed: os.Getenv("ACME_ACCEPT_TERMS") == "true"})
+ if err != nil {
+ panic(err)
+ }
+ myUser.Registration = reg
+ } else {
+ reg, err := acmeClient.Registration.RegisterWithExternalAccountBinding(registration.RegisterEABOptions{
+ TermsOfServiceAgreed: os.Getenv("ACME_ACCEPT_TERMS") == "true",
+ Kid: os.Getenv("ACME_EAB_KID"),
+ HmacEncoded: os.Getenv("ACME_EAB_HMAC"),
+ })
+ if err != nil {
+ panic(err)
+ }
+ myUser.Registration = reg
 }
- myUser.Registration = reg
 return acmeClient
 }
diff --git a/handler.go b/handler.go
index 53bdba6..662809a 100644
--- a/handler.go
+++ b/handler.go
@@ -148,7 +148,7 @@ func handler(ctx *fasthttp.RequestCtx) {
 targetOwner = pathElements[0]
 targetRepo = pathElements[1]
- // raw.codeberg.page/example/myrepo/@main/index.html
+ // raw.codeberg.org/example/myrepo/@main/index.html
 if len(pathElements) > 2 && strings.HasPrefix(pathElements[2], "@") {
 s.Step("raw domain preparations, now trying with specified branch")
 if tryBranch(targetRepo, pathElements[2][1:], pathElements[3:],
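Review bot: In the certificates.go hunk (`newAcmeClient`), the `||` test sends a half-configured EAB setup down the plain `Register` path. If only one of `ACME_EAB_KID` / `ACME_EAB_HMAC` is set, for example through a misspelled variable name, the code attempts an account registration without external account binding and nothing tells the operator that the supplied credential was ignored. Failing at startup is safer: read both once with `kid, hmacKey := os.Getenv("ACME_EAB_KID"), os.Getenv("ACME_EAB_HMAC")` and add `if (kid == "") != (hmacKey == "") { panic("ACME_EAB_KID and ACME_EAB_HMAC must be set together") }` before the branch. The two branches also repeat the same `panic(err)` and `myUser.Registration = reg` tail, which could be written once if only the registration call were branched on. The function begins above the hunk, so whether `err` is already declared in its scope is not visible here.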