Help
FortiClient
FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.
mithing
Staff
Staff

Created on ‎06-20-2025 03:43 AM

Article Id 397383

Troubleshooting Tip: ACME Certificate Renewal Failure with error message 'A.C.M.E. Certificate renew has failed. Client lacks sufficient authorization'

Description This article describes what to check when the ACME certificate renewal fails with the error message 'A.C.M.E. Certificate renewal has failed. The client lacks sufficient authorization on FortiClient EMS.
Scope FortiClient EMS.
Solution

If getting the error message 'A.C.M.E. Certificate renew has failed. Client lacks sufficient authorization', The sample message is as follows:

 

Screenshot 2025-06-20 172522.png

 

To resolve the ACME certificate renewal failure on FortiClient/EMS, check the following items:

  1. Verify that there are no geo-blocks on the virtual IP that resolve to FortiClient EMS FQDN on ports 443 and 80.
  2. If the issue persists, temporarily disable the 'SSL inspection' profile in policy and check the traffic log in real-time in the FortiGate to see what the FortiClient EMS server IP is trying to connect to. 
168
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.