Knowledge Base
ACME "The Client Lacks Sufficient Authorization" Error
If you receive the "the client lacks sufficient authorization" error while requesting a certificate via ACME, it could be due to an ACME account pre-registered on the ACME client machine. This can occur when attempting to use a new ACME account, but the machine still references the original account that was first registered.
Why This Happens
- The first time you register an ACME account on a machine, it registers it in the backend with associated files. If you try to change the ACME account by updating the ACME Account Key ID and HMAC Key, the client will still use the original ACME account, not the new one.
- The initial ACME account might not have the domain assigned to it in the SCM portal, leading to the authorization error.
How to Fix This
- Navigate to the ACME Account Directory
- Go to the directory:
/etc/letsencrypt/accounts/
WinACME
- Go to directory:
C:\ProgramData\win-acme
- Rename the ACME Directory
- Rename the acme.sectigo.com directory to something like acme.sectigo.com.old. This will prevent Certbot/WinAcme from using the old account.
- Rerun the Certbot/WinAcme Command
- After renaming the directory, rerun your Certbot/WinAcme command. This will force Certbot/WinAcme to register a new ACME account and enroll the certificate for your domain.
By following these steps, Certbot/WinAcme will use the new ACME account to resolve the "the client lacks sufficient authorization" error.
If you continue having problems, please make sure that your domain is properly assigned to the correct ACME account in the SCM portal.
Need help?
Need help making a purchase? Contact us today to get your certificate issued right away.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
