The client lacks sufficient authorization :: Account is not valid, has status "deactivated" - stop working

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: dialogueweb.net

I ran this command: certbot

It produced this output:
Do you want to expand and replace this existing certificate with the new certificate?


(E)xpand/©ancel: e
Renewing an existing certificate
An unexpected error occurred:
The client lacks sufficient authorization :: Account is not valid, has status “deactivated”
Please see the logfiles in /var/log/letsencrypt for more details.

Date: Sat, 28 Mar 2020 13:17:09 GMT
Content-Type: application/problem+json
Content-Length: 136
Connection: keep-alive
Cache-Control: public, max-age=0, no-cache
Link: https://acme-v02.api.letsencrypt.org/directory;rel=“index”
Replay-Nonce: 0001OkEAMCDMfN5SIx3iCxU6fQ5cByw3n2z-r6peoGo9xuQ

{
“type”: “urn:ietf:params:acme:error:unauthorized”,
“detail”: “Account is not valid, has status “deactivated””,
“status”: 403
}
2020-03-28 14:17:09,529:DEBUG:certbot.log:Exiting abnormally:
Traceback (most recent call last):
File “/usr/bin/certbot”, line 11, in
load_entry_point(‘certbot==0.31.0’, ‘console_scripts’, ‘certbot’)()
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1365, in main
return config.func(config, plugins)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 1119, in run
certname, lineage)
File “/usr/lib/python3/dist-packages/certbot/main.py”, line 116, in _get_and_save_cert
renewal.renew_cert(config, domains, le_client, lineage)
File “/usr/lib/python3/dist-packages/certbot/renewal.py”, line 310, in renew_cert
new_cert, new_chain, new_key, _ = le_client.obtain_certificate(domains, new_key)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 353, in obtain_certificate
orderr = self._get_order_and_authorizations(csr.data, self.config.allow_subset_of_names)
File “/usr/lib/python3/dist-packages/certbot/client.py”, line 385, in _get_order_and_authorizations
orderr = self.acme.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 889, in new_order
return self.client.new_order(csr_pem)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 672, in new_order
response = self._post(self.directory[‘newOrder’], order)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 96, in _post
return self.net.post(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1204, in post
return self._post_once(*args, **kwargs)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1218, in _post_once
response = self._check_response(response, content_type=content_type)
File “/usr/lib/python3/dist-packages/acme/client.py”, line 1073, in _check_response
raise messages.Error.from_json(jobj)
acme.messages.Error: urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Account is not valid, has status “deactivated”
2020-03-28 14:17:09,531:ERROR:certbot.log:An unexpected error occurred:
2020-03-28 14:17:09,531:ERROR:certbot.log:The client lacks sufficient authorization :: Account is not valid, has status “deactivated”

My web server is (include version): Ubuntu 18.04

The operating system my web server runs on is (include version): Ubuntu 18.04

My hosting provider, if applicable, is: ISPConfig - own server

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): ISPConfig

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): certbot 0.31.0

My account f32ab98c6a0xxxxx is deleted on another server. This use the same. How to make a new? New for both servers?

1 Like

Each server should have their own. (or, at least, you should not deactivate accounts if the account key is not compromised)

Check certbot --help, the command you should need is certbot register

1 Like

root @ mail0 ~ # certbot register
Saving debug log to /var/log/letsencrypt/letsencrypt.log
There is an existing account; registration of a duplicate account with this command is currently unsupported.

Can I remove existing account safely? A lot of sites have certs…

…log file …
acme.messages.Error: urn:ietf:params:acme:error:unauthorized :: The client lacks sufficient authorization :: Account is not valid, has status “deactivated”
2020-03-28 14:17:09,531:ERROR:certbot.log:An unexpected error occurred:
2020-03-28 14:17:09,531:ERROR:certbot.log:The client lacks sufficient authorization :: Account is not valid, has status “deactivated”
2020-03-28 14:41:58,464:DEBUG:certbot.main:certbot version: 0.31.0
2020-03-28 14:41:58,465:DEBUG:certbot.main:Arguments:
2020-03-28 14:41:58,465:DEBUG:certbot.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2020-03-28 14:41:58,473:DEBUG:certbot.log:Root logging level set at 20

You should make a backup of /etc/letsencrypt (tar -cf ~/LE_backup.tar /etc/letsencrypt)

But it’s a mess, renewals are linked to your current account.

So yeah, it should work but make a backup and it will take some sed -i.bak s/^account/#account/g /etc/letsencrypt/renewal/* (I think)

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.