diff --git a/config.go b/config.go
index eda72ba..59edb36 100644
--- a/config.go
+++ b/config.go
@@ -123,8 +123,12 @@ func readKey(path string) (crypto.Signer, error) {
 }
 
 // writeKey writes k to the specified path in PEM format.
-// If file does not exists, it will be created with 0600 mod.
+// If directory of path does not exist, it will be created with 0700 mod.
+// If path does not exists, it will be created with 0600 mod.
 func writeKey(path string, k *ecdsa.PrivateKey) error {
+	if err := os.MkdirAll(filepath.Dir(path), 0700); err != nil {
+		return err
+	}
 	f, err := os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		return err
diff --git a/reg.go b/reg.go
index 7143c95..4b6f87f 100644
--- a/reg.go
+++ b/reg.go
@@ -13,6 +13,7 @@ package main
 
 import (
 	"context"
+	"os"
 	"fmt"
 	"path/filepath"
 	"strings"
@@ -87,7 +88,12 @@ func runReg(args []string) {
 
 	a, err := client.Register(ctx, &uc.Account, prompt)
 	if err != nil {
-		fatalf("%v", err)
+		switch err.Error() {
+		case "409 urn:acme:error:malformed: Registration key is already in use":
+			fatalf("Key already registered - see '%s whoami -c %s'.\nMaybe you just need to accept an updated license?\nThen you can use '%s update -c %s -accept'", os.Args[0], configDir, os.Args[0], configDir)
+		default:
+			fatalf("%v", err)
+		}
 	}
 	uc.Account = *a
 	if err := writeConfig(uc); err != nil {