Knowledge Base

Troubleshooting: ACME “The Client Lacks Sufficient Authorization” Error 

Overview 

This guide explains how to diagnose and resolve the “the client lacks sufficient authorization” error that appears when requesting a certificate via ACME. This issue commonly occurs when an ACME client machine continues to reference an older, pre‑registered ACME account even after you attempt to use a new one.  

Symptoms 

You may be experiencing this issue if you see the following: 

Cause 

This error is typically caused by an ACME client using an old, originally registered ACME account stored on the machine. Even if you update the ACME Account Key ID and HMAC Key, the client may still reference the initial account, which might not have the correct domain assigned in the SCM portal.  

Solution 

Follow these steps to resolve the issue: 

Step 1: Navigate to the ACME Account Directory 

Locate the directory where your ACME account files are stored: 

Step 2: Rename the Existing ACME Directory 

Rename the directory corresponding to the ACME server,  

for example: acme.sectigo.com → acme.sectigo.com.old  

This prevents Certbot/WinAcme from reusing the old ACME account.  

Step 3: Rerun Your ACME Client Command 

After renaming the directory, run your Certbot or WinAcme command again. 
This forces the client to register a new ACME account and reattempt certificate enrollment for your domain.  

Step 4: Verify Domain Assignment in SCM Portal (If Issue Persists) 

If the problem continues, confirm that your domain is correctly assigned to the appropriate ACME account within the SCM portal.