Hi all An instance running httpd v2.4.66 persistently fails to renew certificates with an ACME unauthorized error. ZeroSSL rejects the replaces field in the new order, claiming the certificate being replaced does not belong to the current ACME account. Renewal never succeeds and the error counter keeps incrementing. Renewal was working prior to the upgrade to v2.4.66. Environment
* Apache httpd version: 2.4.66
*
ACME CA: ZeroSSL
Observed Behavior
Renewal fails repeatedly with error count accumulating. The job.json /
md-status output shows status 13 (Permission denied), problem
urn:ietf:params:acme:error:unauthorized, with the detail: "The 'replaces' field
does not identify a certificate that belongs to this ACME account", during the
activity "Creating new order ... replacing-cert=...".
{
"renewal": {
"name": "xxx",
"finished": false,
"notified": false,
"notified-renewed": false,
"next-run": "Fri, 19 Jun 2026 06:09:00 GMT",
"last-run": "Thu, 18 Jun 2026 22:44:59 GMT",
"errors": 11,
"last": {
"status": 13,
"status-description": "Permission denied",
"problem": "urn:ietf:params:acme:error:unauthorized",
"detail": "The \"replaces\" field does not identify a certificate that
belongs to this ACME account",
"activity": "Creating new order, key-spec=default, profile=none,
replacing-cert=xxx"
},
"cert": {}
}
}
Is this a known issue? Is there a recommended mitigation?
Regards, Armin
smime.p7s
Description: S/MIME cryptographic signature
