Knowledge Base
Sectigo Certificate Manager (SCM) ACME error: "The client lacks sufficient authorization..."
Problem: You received the following error:
"The client lacks sufficient authorization :: The identifiers are not all linked to the same preauthorized Subject organization name/address"
Reason: You will receive the error above when the correct domain has not been added to the Assigned Domains section within Edit ACME Account.
Solution 1: From ACME Account at the Organization level
1. Login to your SCM account
3. Click the radio button next to the appropriate account
4. Click ACME Accounts
5. Within the ACME Accounts window, click the radio button next to the appropriate Account
6. Click Edit
7. From within the Edit the ACME Account window, move this domain from Available Domains to Assigned Domains.
8. Click OK
Solution 2: From ACME Account at Department level
1. Login to your SCM account
2. Go to Settings >> Organization
3. Click Departments
4. From the Departments window, click the radio button next to the appropriate Department
5. Click ACME Accounts
6. From within the ACME Accounts window, click the radio button next to the appropriate account
7. Click Edit
8. Click on the appropriate Available Domain and move it to the Available Domains list
9. Click ok
Note:
- Please only assign non-wildcard domains
- Adding * before the domain in ACME does not relate to Wild card domains
- The domain ‘domain.com’ will issue certificates for "Any FQDN (wildcard or non-wildcard) under that domain, plus that domain itself"
- If the domain is not listed in the Available domains section, then you must add the domain, perform DCV, and delegate it to your Organization/Department.
Example:
------------------------------------------------------------------------------------------------------------------------------------------
Test case 1:
- If you assign ‘domain.com’
- You can then request certificates for any FQDN (wildcard or non-wildcard) under that domain, plus that domain itself.
- The following are some example domains you can request via ACME client.
domain.com
it.domain.com
*.domain.com
it.abc.domain.com
------------------------------------------------------------------------------------------------------------------------------------------
Test case 2:
- If you assign ‘it.domain.com’
- You can then request certificates for any FQDN (wildcard or non-wildcard) under that domain, plus that domain itself.
- The following are some example domains you can request via ACME client.
- You cannot request certificates for the following domains:
domain.com
abc.domain.com
acmetest.domain.com
*.domain.com
------------------------------------------------------------------------------------------------------------------------------------------
Need assistance?
Contact our team for help with your purchase or issuing your certificate.
Live chat
Click the button below or click "Chat with an Expert" to start chatting with us now!
