AW: [users@httpd] Certificate renewal fails after upgrade to httpd v2.4.66

Fri, 19 Jun 2026 04:54:54 -0700 

The error status urn:ietf:params:acme:error:unauthorized seems to come from the 
CA Provider so I deem that it is not a local permission issue.

________________________________
Von: Deepak Goel <[email protected]>
Gesendet: Freitag, 19. Juni 2026 12:16
An: [email protected] <[email protected]>
Betreff: Re: [users@httpd] Certificate renewal fails after upgrade to httpd 
v2.4.66

Sie erhalten nicht häufig E-Mails von [email protected]. Erfahren Sie, warum 
dies wichtig ist<https://aka.ms/LearnAboutSenderIdentification>
looks like a directory or file access issue

   "status-description": "Permission denied",

You might have to check with ls -lt command and then do a chmod




Deepak
"The greatness of a nation can be judged by the way its animals are treated - 
Mahatma Gandhi"

+91 73500 12833
[email protected]<mailto:[email protected]>

LinkedIn: www.linkedin.com/in/deicool<http://www.linkedin.com/in/deicool>

"Plant a Tree, Go Green"

Make In India : http://www.makeinindia.com/home


On Fri, Jun 19, 2026 at 3:43 PM Abfalterer, Armin 
<[email protected]<mailto:[email protected]>>
 wrote:
Hi all
An instance running httpd v2.4.66 persistently fails to renew certificates with 
an ACME unauthorized error. ZeroSSL rejects the replaces field in the new 
order, claiming the certificate being replaced does not belong to the current 
ACME account. Renewal never succeeds and the error counter keeps incrementing.
Renewal was working prior to the upgrade to v2.4.66.
Environment

  *   Apache httpd version: 2.4.66
  *
ACME CA: ZeroSSL

Observed Behavior
Renewal fails repeatedly with error count accumulating. The job.json / 
md-status output shows status 13 (Permission denied), problem 
urn:ietf:params:acme:error:unauthorized, with the detail: "The 'replaces' field 
does not identify a certificate that belongs to this ACME account", during the 
activity "Creating new order ... replacing-cert=...".

{
  "renewal": {
    "name": "xxx",
    "finished": false,
    "notified": false,
    "notified-renewed": false,
    "next-run": "Fri, 19 Jun 2026 06:09:00 GMT",
    "last-run": "Thu, 18 Jun 2026 22:44:59 GMT",
    "errors": 11,
    "last": {
      "status": 13,
      "status-description": "Permission denied",
      "problem": "urn:ietf:params:acme:error:unauthorized",
      "detail": "The \"replaces\" field does not identify a certificate that 
belongs to this ACME account",
      "activity": "Creating new order, key-spec=default, profile=none, 
replacing-cert=xxx"
    },
    "cert": {}
  }
}

Is this a known issue? Is there a recommended mitigation?

Regards, Armin

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to