Cisco Exressway as ACME client

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g., so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain

I ran this command:

It produced this output: ACME accept operation failed: The client lacks sufficient authorization:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know):yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):

Hi @tabaszabi

there - - is no A- or AAAA-record.

Host T IP-Address is auth. ∑ Queries ∑ Timeout A yes 1 0
AAAA yes Name Error yes 1 0

So if that client uses http validation, that can't work.

Start with

then read something about Challenge types:

Hi Jürgen!

In the domain we only have videoconfernce devices for example Cisco Expressway -E (this device run the ACME protocol).
We do not have web server in it, therefore there is no www A record. It is mandatory?

Thank You!

But then that device should have an ip address.

So use that ip address to create an A-record of your domain.

Or use dns validation.

I configure the A record ( -> Expressway-E outside IP), but the problem is the same:
"management: Level=“ERROR” Detail=“Acme Providers Write failed”, Reason=“The client lacks sufficient authorization:”, ErrorCode=“500” UTCTime=“2020-04-20 14:19:33,471”

It seems for me, that there is a problem with my user, insn’t it?


is no answer. So the domain validation via http can't work.


I don't understand that error message. Do you use the correct domain name

Check the documentation of that client.

In the Cisco Expressway admin GUI I have to type my email, but it is not
Is it cause any problem?


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.