acme-client: print account uri with -v
Extracted from an avalanche of emails in a huge thread on another list ;)
this teaches acme-client -v to print the account uri as returned by the
ACME server (https://datatracker.ietf.org/doc/html/rfc8555#section-7.3 -
it's in the Location header).
This is useful if you want to add CAA records that restrict issuance to
a specific user account rather than just a specific CA, for example:
CAA 0 issue "letsencrypt.org;accounturi=https://acme-v02.api.letsencrypt.org/acme/acct/1234567890"
It's not super pretty, but this isn't something anyone will run often,
just once manually when adding the CAA record.
OK?
Index: netproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/netproc.c,v
diff -u -p -r1.35 netproc.c
--- netproc.c 28 Apr 2024 10:09:25 -0000 1.35
+++ netproc.c 7 Oct 2024 13:32:22 -0000
@@ -359,7 +359,7 @@ donewacc(struct conn *c, const struct ca
{
struct jsmnn *j = NULL;
int rc = 0;
- char *req, *detail, *error = NULL;
+ char *req, *detail, *error = NULL, *accturi = NULL;
long lc;
if ((req = json_fmt_newacc(contact)) == NULL)
@@ -384,6 +384,14 @@ donewacc(struct conn *c, const struct ca
else
rc = 1;
+ if (c->kid != NULL) {
+ if (stravis(&accturi, c->kid, VIS_SAFE) != -1)
+ warn("%s", accturi);
+ else
+ dodbg("account key: %s", accturi);
+ free(accturi);
+ }
+
if (rc == 0 || verbose > 1)
buf_dump(&c->buf);
free(req);
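Review bot: The two branches after `stravis()` look swapped: on success (`!= -1`) the encoded URI is passed to `warn()`, which reports it as an error with the errno text appended, while the failure branch passes `accturi` to `dodbg()` when no encoded string was produced. To match the description (print under -v), I would write `if (stravis(&accturi, c->kid, VIS_SAFE) == -1) warn("stravis");` followed by `else dodbg("account uri: %s", accturi);`, assuming `dodbg()` is the verbose-gated logger. The "account key" label is also misleading, since by the description `c->kid` holds the account URI from the Location header, not key material. Keeping the `VIS_SAFE` encoding is worthwhile because the value is server-supplied and ends up on a terminal. The same block is repeated in the last dochkacc hunk, and donewacc's body starts and ends outside this hunk.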
@@ -399,7 +407,7 @@ static int
dochkacc(struct conn *c, const struct capaths *p, const char *contact)
{
int rc = 0;
- char *req;
+ char *req, *accturi = NULL;
long lc;
if ((req = json_fmt_chkacc()) == NULL)
@@ -417,6 +425,13 @@ dochkacc(struct conn *c, const struct ca
if (c->kid == NULL)
rc = 0;
+ else {
+ if (stravis(&accturi, c->kid, VIS_SAFE) != -1)
+ warn("%s", accturi);
+ else
+ dodbg("account key: %s", accturi);
+ free(accturi);
+ }
if (rc == 0 || verbose > 1)
buf_dump(&c->buf);