Possible elevated ARI errors "requester account did not request the certificate being replaced by this order"

webprofusion · August 7, 2025, 9:55am

Has anyone else seen elevated occurrences of ARI errors along the lines of:

urn:ietf:params:acme:error:unauthorized :: Could not validate ARI 'replaces' field :: requester account did not request the certificate being replaced by this order

Where the CA seems to think the cert specified by the ARI Cert ID is from a different account.

I'm trying to figure out if it's a client bug or a CA server change. I can't see it being likely that many people would be changing the ACME accounts in the app but I'm not ruling out a client bug either way. [The client recovers from ARI "replaces" errors by retrying without ARI, so it's hard to tell how persistent this issue is]

webprofusion · August 7, 2025, 10:21am

Never mind, I think this is a false alarm

system · September 6, 2025, 10:21am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Error handling for ARI "replaces" conflict Client dev	5	1790	August 23, 2024
Invalid ARI `replaces` field - different behaviors across ACME Servers? Client dev	5	286	February 21, 2025
ARI Replaces - behavior differences across CAs for multiple candidates Client dev	14	240	March 10, 2025
Win-acme ARI 'replaces' error prevent cert renewal Help	3	262	January 25, 2026
Implications of "replaces" in order objects Client dev	15	1086	April 19, 2024

Possible elevated ARI errors "requester account did not request the certificate being replaced by this order"

Related topics