diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java
index dbe6d49f9e..3a6bbd2485 100644
--- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java
+++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/converter/CertificateAuthorityConverter.java
@@ -59,7 +59,6 @@ public CertificateAuthority convert(ApprovedCaDto approvedCaDto) {
         ca.setPath(String.join(":", approvedCaDto.getSubjectDnPath()));
         ca.setTopCa(approvedCaDto.isTopCa());
         ca.acmeCapable(approvedCaDto.isAcmeCapable());
-        ca.acmeEabRequired(approvedCaDto.isAcmeEabRequired());
         ca.certificateProfileInfo(approvedCaDto.getCertificateProfileInfo());
         ca.acmeServerIpAddresses(ofNullable(approvedCaDto.getAcmeServerIpAddress())
                 .map(ips -> ips.split(","))
diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java
index 4928af4ffc..f5a0c06bc9 100644
--- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java
+++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/dto/ApprovedCaDto.java
@@ -49,6 +49,5 @@ public class ApprovedCaDto {
     private final List<String> subjectDnPath;
     private final String certificateProfileInfo;
     private final boolean acmeCapable;
-    private final boolean acmeEabRequired;
     private final String acmeServerIpAddress;
 }
diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java
index b1005d2290..43dcae3570 100644
--- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java
+++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/openapi/CertificateAuthoritiesApiController.java
@@ -182,8 +182,13 @@ public ResponseEntity<Set<CsrSubjectFieldDescription>> getSubjectFieldDescriptio
     public ResponseEntity<AcmeEabCredentialsStatus> hasAcmeExternalAccountBindingCredentials(String caName,
                                                                                              KeyUsageType keyUsageType,
                                                                                              String memberId) {
-        boolean hasAcmeEabCredentials = certificateAuthorityService.hasAcmeExternalAccountBindingCredentials(caName, memberId);
-        return new ResponseEntity<>(new AcmeEabCredentialsStatus(hasAcmeEabCredentials), HttpStatus.OK);
+        try {
+            final var isAcmeEabRequired = certificateAuthorityService.isAcmeExternalAccountBindingRequired(caName);
+            final var hasAcmeEabCredentials = certificateAuthorityService.hasAcmeExternalAccountBindingCredentials(caName, memberId);
+            return new ResponseEntity<>(new AcmeEabCredentialsStatus(isAcmeEabRequired, hasAcmeEabCredentials), HttpStatus.OK);
+        } catch (CertificateAuthorityNotFoundException e) {
+            throw new ResourceNotFoundException(e);
+        }
     }
 
     @Override
diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/AcmeService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/AcmeService.java
index 2364e617fd..eb3731d4aa 100644
--- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/AcmeService.java
+++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/AcmeService.java
@@ -235,7 +235,7 @@ private void accountWithEabCredentials(AccountBuilder accountBuilder, KeyUsageIn
     private static Metadata getMetadata(Session session) {
         try {
             return session.getMetadata();
-        } catch (AcmeException e) {
+        } catch (Exception e) {
             throw new AcmeServiceException(FETCHING_METADATA_ERROR, e);
         }
     }
diff --git a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java
index 48a56b9128..40a2490993 100644
--- a/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java
+++ b/src/security-server/admin-service/application/src/main/java/org/niis/xroad/securityserver/restapi/service/CertificateAuthorityService.java
@@ -54,11 +54,9 @@
 
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
-import java.util.Collection;
 import java.util.List;
 import java.util.Map;
 import java.util.Objects;
-import java.util.Optional;
 import java.util.stream.Collectors;
 
 import static org.niis.xroad.restapi.exceptions.DeviationCodes.ERROR_CA_CERT_PROCESSING;
@@ -189,17 +187,7 @@ private ApprovedCaDto buildCertificateAuthorityDto(
         builder.name(approvedCAInfo.getName());
         builder.certificateProfileInfo(approvedCAInfo.getCertificateProfileInfo());
         builder.acmeServerIpAddress(approvedCAInfo.getAcmeServerIpAddress());
-        boolean acmeCapable = approvedCAInfo.getAcmeServerDirectoryUrl() != null;
-        builder.acmeCapable(acmeCapable);
-        if (acmeCapable) {
-            try {
-                builder.acmeEabRequired(
-                        acmeService.isExternalAccountBindingRequired(approvedCAInfo.getAcmeServerDirectoryUrl()));
-            } catch (AcmeServiceException e) {
-                log.warn("Acme Server for {} not reachable: {}", approvedCAInfo.getName(), e.getCause().getMessage());
-                builder.acmeEabRequired(false);
-            }
-        }
+        builder.acmeCapable(approvedCAInfo.getAcmeServerDirectoryUrl() != null);
 
         // properties from X509Certificate
         builder.notAfter(FormatUtils.fromDateToOffsetDateTime(certificate.getNotAfter()));
@@ -241,6 +229,11 @@ List<String> buildPath(X509Certificate certificate,
         return pathElements;
     }
 
+    public boolean isAcmeExternalAccountBindingRequired(String caName) throws CertificateAuthorityNotFoundException {
+        final var acmeUrl = getCertificateAuthorityInfo(caName).getAcmeServerDirectoryUrl();
+        return acmeUrl != null && acmeService.isExternalAccountBindingRequired(acmeUrl);
+    }
+
     public boolean hasAcmeExternalAccountBindingCredentials(String caName, String memberId) {
         return acmeProperties.hasEabCredentials(
                 caName,
@@ -262,7 +255,7 @@ public boolean hasAcmeExternalAccountBindingCredentials(String caName, String me
     public CertificateProfileInfo getCertificateProfile(String caName, KeyUsageInfo keyUsageInfo, ClientId memberId,
                                                         boolean isNewMember)
             throws CertificateAuthorityNotFoundException, CertificateProfileInstantiationException,
-            WrongKeyUsageException, ClientNotFoundException {
+                   WrongKeyUsageException, ClientNotFoundException {
         ApprovedCAInfo caInfo = getCertificateAuthorityInfo(caName);
         if (Boolean.TRUE.equals(caInfo.getAuthenticationOnly()) && KeyUsageInfo.SIGNING == keyUsageInfo) {
             throw new WrongKeyUsageException();
@@ -302,15 +295,11 @@ public CertificateProfileInfo getCertificateProfile(String caName, KeyUsageInfo
      * @throws CertificateAuthorityNotFoundException if matching CA was not found
      */
     public ApprovedCAInfo getCertificateAuthorityInfo(String caName) throws CertificateAuthorityNotFoundException {
-        Collection<ApprovedCAInfo> cas = globalConfService.getApprovedCAsForThisInstance();
-        Optional<ApprovedCAInfo> ca = cas.stream()
+        return globalConfService.getApprovedCAsForThisInstance().stream()
                 .filter(item -> caName.equals(item.getName()))
-                .findFirst();
-        if (ca.isEmpty()) {
-            throw new CertificateAuthorityNotFoundException("certificate authority "
-                    + caName + " not_found");
-        }
-        return ca.get();
+                .findFirst()
+                .orElseThrow(() -> new CertificateAuthorityNotFoundException("certificate authority "
+                        + caName + " not_found"));
     }
 
     /**
diff --git a/src/security-server/admin-service/ui/src/components/wizard/WizardPageCsrDetails.vue b/src/security-server/admin-service/ui/src/components/wizard/WizardPageCsrDetails.vue
index 034a5c20f6..f119d498c7 100644
--- a/src/security-server/admin-service/ui/src/components/wizard/WizardPageCsrDetails.vue
+++ b/src/security-server/admin-service/ui/src/components/wizard/WizardPageCsrDetails.vue
@@ -87,7 +87,7 @@
     </div>
     <div class="button-footer">
       <xrd-button outlined data-test="cancel-button" @click="cancel"
-        >{{ $t('action.cancel') }}
+      >{{ $t('action.cancel') }}
       </xrd-button>
 
       <xrd-button
@@ -96,7 +96,7 @@
         class="previous-button"
         data-test="previous-button"
         @click="previous"
-        >{{ $t('action.previous') }}
+      >{{ $t('action.previous') }}
       </xrd-button>
       <xrd-button :disabled="!meta.valid" data-test="save-button" @click="done">
         {{ $t(saveButtonText) }}
@@ -116,6 +116,7 @@ import { useCsr } from '@/store/modules/certificateSignRequest';
 import { defineRule, PublicPathState, useForm } from 'vee-validate';
 import { FieldValidationMetaInfo } from '@vee-validate/i18n';
 import { i18n } from '@/plugins/i18n';
+import { useNotifications } from '@/store/modules/notifications';
 
 defineRule(
   'requiredIfSigning',
@@ -261,15 +262,15 @@ export default defineComponent({
   },
   methods: {
     ...mapActions(useCsr, ['fetchAllMemberIds', 'hasAcmeEabCredentials']),
+    ...mapActions(useNotifications, ['showError']),
     done(): void {
       this.usage = this.values.csr.usage;
       this.csrClient = this.values.csr.client;
       this.certificationService = this.values.csr.certificationService;
       this.csrFormat = this.values.csr.csrFormat;
       this.hasAcmeEabCredentials()
-        .finally(() => {
-          this.$emit('done');
-        });
+        .catch((error) => this.showError(error, true))
+        .finally(() => this.$emit('done'));
     },
     previous(): void {
       this.$emit('previous');
diff --git a/src/security-server/admin-service/ui/src/locales/en.json b/src/security-server/admin-service/ui/src/locales/en.json
index 634161b4a7..2ee1184003 100644
--- a/src/security-server/admin-service/ui/src/locales/en.json
+++ b/src/security-server/admin-service/ui/src/locales/en.json
@@ -278,6 +278,7 @@
     "csrDetails": "CSR details",
     "csrFormat": "CSR Format",
     "eabCredRequired": "Selected Certification Authority requires external account binding for ACME, but the credentials are missing from the configuration.",
+    "failedFetchAcmeMetadata": "Failed to fetch ACME metadata for selected Certification Authority, this may cause errors on the next steps.",
     "generateCsr": "Generate CSR",
     "helpCertificationService": "Certification Authority (CA) that will issue the certificate.",
     "helpClient": "X-Road member the certificate will be issued for.",
@@ -564,7 +565,8 @@
       "certService": "Certification Service",
       "client": "Client",
       "csrFormat": "CSR Format",
-      "usage": "Usage"
+      "usage": "Usage",
+      "certificationService": "Certification Service"
     },
     "dns": "DNS",
     "keys": {
diff --git a/src/security-server/admin-service/ui/src/store/modules/certificateSignRequest.ts b/src/security-server/admin-service/ui/src/store/modules/certificateSignRequest.ts
index e0d348a54e..08b5748c6d 100644
--- a/src/security-server/admin-service/ui/src/store/modules/certificateSignRequest.ts
+++ b/src/security-server/admin-service/ui/src/store/modules/certificateSignRequest.ts
@@ -36,7 +36,7 @@ import {
   KeyUsageType,
   KeyWithCertificateSigningRequestId,
   TokenCertificateSigningRequest,
-  TokenType
+  TokenType,
 } from "@/openapi-types";
 import { defineStore } from "pinia";
 import * as api from "@/util/api";
@@ -57,6 +57,7 @@ export interface CsrState {
   memberIds: string[];
   isNewMember: boolean;
   acmeEabCredentialsStatus: AcmeEabCredentialsStatus | undefined;
+  failedFetchAcmeMetadata: boolean;
   acmeOrder: boolean;
 }
 
@@ -77,6 +78,7 @@ export const useCsr = defineStore('csr', {
       memberIds: [],
       isNewMember: false,
       acmeEabCredentialsStatus: undefined,
+      failedFetchAcmeMetadata: false,
       acmeOrder: false,
     };
   },
@@ -92,10 +94,7 @@ export const useCsr = defineStore('csr', {
       )?.acme_capable,
 
     eabRequired: (state) =>
-      state.certificationServiceList.find(
-        (certificateAuthority) =>
-          certificateAuthority.name == state.certificationService,
-      )?.acme_eab_required,
+      state.acmeEabCredentialsStatus?.acme_eab_required,
 
     csrRequestBody(state): CsrGenerate {
       // Creates an object that can be used as body for generate CSR request
@@ -278,7 +277,7 @@ export const useCsr = defineStore('csr', {
       if (!usage) {
         throw new Error('Key usage is missing');
       }
-      return api.post(`/certificate-authorities/${encodePathParameter(caName)}/acme-order`,{
+      return api.post(`/certificate-authorities/${encodePathParameter(caName)}/acme-order`, {
         csr_id: csr.id,
         key_usage_type: usage,
       })
@@ -288,6 +287,8 @@ export const useCsr = defineStore('csr', {
     },
 
     hasAcmeEabCredentials(caName?: string, csrClientId?: string, keyUsage?: KeyUsageType) {
+      this.failedFetchAcmeMetadata = false;
+
       return api
         .get<AcmeEabCredentialsStatus>(
           `/certificate-authorities/${encodePathParameter(
@@ -305,6 +306,7 @@ export const useCsr = defineStore('csr', {
           return res.data;
         })
         .catch((error) => {
+          this.failedFetchAcmeMetadata = error?.response?.data?.error?.code === 'acme.fetching_metadata_error';
           throw error;
         });
     },
diff --git a/src/security-server/admin-service/ui/src/store/modules/notifications.ts b/src/security-server/admin-service/ui/src/store/modules/notifications.ts
index cc15e7d5d2..d1fabe3ca7 100644
--- a/src/security-server/admin-service/ui/src/store/modules/notifications.ts
+++ b/src/security-server/admin-service/ui/src/store/modules/notifications.ts
@@ -109,12 +109,13 @@ export const useNotifications = defineStore('notifications', {
     },
 
     // Show error notification with axios error object
-    showError(errorObject: unknown): void {
+    showError(errorObject: unknown, asWarning = false): void {
       // Show error using the x-road specific data in an axios error object
       // Don't show errors when the error code is 401 which is usually because of session expiring
       if (axios.isAxiosError(errorObject)) {
         if (errorObject?.response?.status !== 401) {
           const notification = createEmptyNotification(-1);
+          notification.isWarning = asWarning;
 
           // Add validation errors
 
diff --git a/src/security-server/admin-service/ui/src/views/AddClient/AddClient.vue b/src/security-server/admin-service/ui/src/views/AddClient/AddClient.vue
index cc76ff8270..80ac602092 100644
--- a/src/security-server/admin-service/ui/src/views/AddClient/AddClient.vue
+++ b/src/security-server/admin-service/ui/src/views/AddClient/AddClient.vue
@@ -226,7 +226,7 @@ function csrDetailsReady(): void {
 
   fetchCsrForm()
     .then(() => hasAcmeEabCredentials())
-    .then(() => currentStep.value++)
+    .finally(() => currentStep.value++)
     .catch((error) => showError(error));
 }
 
diff --git a/src/security-server/admin-service/ui/src/views/KeysAndCertificates/SignAndAuthKeys/AcmeOrderCertificateDialog.vue b/src/security-server/admin-service/ui/src/views/KeysAndCertificates/SignAndAuthKeys/AcmeOrderCertificateDialog.vue
index f32cc9004e..98f0c86b79 100644
--- a/src/security-server/admin-service/ui/src/views/KeysAndCertificates/SignAndAuthKeys/AcmeOrderCertificateDialog.vue
+++ b/src/security-server/admin-service/ui/src/views/KeysAndCertificates/SignAndAuthKeys/AcmeOrderCertificateDialog.vue
@@ -60,6 +60,7 @@ import { useField } from "vee-validate";
 import { mapActions, mapState } from "pinia";
 import { useCsr } from "@/store/modules/certificateSignRequest";
 import { KeyUsageType, TokenCertificateSigningRequest } from "@/openapi-types";
+import { useNotifications } from '@/store/modules/notifications';
 
 export default defineComponent({
   props: {
@@ -103,14 +104,15 @@ export default defineComponent({
   watch: {
     certificateService(newValue: string) {
       const newCA = this.acmeCertificateServices.find(ca => ca.name == newValue);
-      if (newCA?.acme_eab_required) {
+      if (newCA?.acme_capable) {
         this.hasAcmeEabCredentials(newCA.name, this.csr.owner_id, this.keyUsage)
           .then((res) => {
-            this.hasAcmeEabRequiredButNoCredentials = !res.has_acme_external_account_credentials;
+            this.hasAcmeEabRequiredButNoCredentials = res.acme_eab_required && !res.has_acme_external_account_credentials;
             if (this.hasAcmeEabRequiredButNoCredentials) {
               this.setErrors(this.$t('csr.eabCredRequired'));
             }
-          });
+          })
+          .catch((error) => this.showError(error, true));
       } else {
         this.hasAcmeEabRequiredButNoCredentials = false;
       }
@@ -118,6 +120,7 @@ export default defineComponent({
   },
   methods: {
     ...mapActions(useCsr, ['hasAcmeEabCredentials']),
+    ...mapActions(useNotifications, ['showError']),
     cancel(): void {
       this.$emit('cancel');
       this.clear();
diff --git a/src/security-server/admin-service/ui/src/views/KeysAndCertificates/SignAndAuthKeys/KeysTable.vue b/src/security-server/admin-service/ui/src/views/KeysAndCertificates/SignAndAuthKeys/KeysTable.vue
index 6dc3ab5592..b943484c25 100644
--- a/src/security-server/admin-service/ui/src/views/KeysAndCertificates/SignAndAuthKeys/KeysTable.vue
+++ b/src/security-server/admin-service/ui/src/views/KeysAndCertificates/SignAndAuthKeys/KeysTable.vue
@@ -33,119 +33,119 @@
       />
 
       <tbody v-for="key in sortedKeys" :key="key.id">
-        <!-- SOFTWARE token table body -->
-        <template v-if="tokenType === tokenTypes.SOFTWARE">
-          <KeyRow
-            :token-logged-in="tokenLoggedIn"
-            :token-key="key"
-            @generate-csr="generateCsr(key)"
-            @key-click="keyClick(key)"
-          />
+      <!-- SOFTWARE token table body -->
+      <template v-if="tokenType === tokenTypes.SOFTWARE">
+        <KeyRow
+          :token-logged-in="tokenLoggedIn"
+          :token-key="key"
+          @generate-csr="generateCsr(key)"
+          @key-click="keyClick(key)"
+        />
 
-          <CertificateRow
-            v-for="cert in key.certificates"
-            :key="cert.certificate_details.issuer_distinguished_name"
-            :cert="cert"
-            @certificate-click="certificateClick(cert, key)"
-          >
-            <template #certificateAction>
-              <xrd-button
-                v-if="
+        <CertificateRow
+          v-for="cert in key.certificates"
+          :key="cert.certificate_details.issuer_distinguished_name"
+          :cert="cert"
+          @certificate-click="certificateClick(cert, key)"
+        >
+          <template #certificateAction>
+            <xrd-button
+              v-if="
                   showRegisterCertButton &&
                   cert.possible_actions?.includes(PossibleAction.REGISTER)
                 "
-                class="table-button-fix test-register"
-                :outlined="false"
-                text
-                @click="showRegisterCertDialog(cert)"
-                >{{ $t('action.register') }}</xrd-button
-              >
-            </template>
-          </CertificateRow>
-        </template>
+              class="table-button-fix test-register"
+              :outlined="false"
+              text
+              @click="showRegisterCertDialog(cert)"
+            >{{ $t('action.register') }}
+            </xrd-button>
+          </template>
+        </CertificateRow>
+      </template>
 
-        <!-- HARDWARE token table body -->
-        <template v-if="tokenType === 'HARDWARE'">
-          <KeyRow
-            :token-logged-in="tokenLoggedIn"
-            :token-key="key"
-            @generate-csr="generateCsr(key)"
-            @key-click="keyClick(key)"
-          />
+      <!-- HARDWARE token table body -->
+      <template v-if="tokenType === 'HARDWARE'">
+        <KeyRow
+          :token-logged-in="tokenLoggedIn"
+          :token-key="key"
+          @generate-csr="generateCsr(key)"
+          @key-click="keyClick(key)"
+        />
 
-          <CertificateRow
-            v-for="cert in key.certificates"
-            :key="cert.certificate_details.issuer_distinguished_name"
-            :cert="cert"
-            @certificate-click="certificateClick(cert, key)"
-          >
-            <template #certificateAction>
-              <template v-if="canImportFromToken">
-                <xrd-button
-                  v-if="
+        <CertificateRow
+          v-for="cert in key.certificates"
+          :key="cert.certificate_details.issuer_distinguished_name"
+          :cert="cert"
+          @certificate-click="certificateClick(cert, key)"
+        >
+          <template #certificateAction>
+            <template v-if="canImportFromToken">
+              <xrd-button
+                v-if="
                     cert.possible_actions?.includes(
                       PossibleAction.IMPORT_FROM_TOKEN,
                     )
                   "
-                  class="table-button-fix"
-                  :outlined="false"
-                  text
-                  @click="importCert(cert.certificate_details.hash)"
-                  >{{ $t('keys.importCert') }}</xrd-button
-                >
+                class="table-button-fix"
+                :outlined="false"
+                text
+                @click="importCert(cert.certificate_details.hash)"
+              >{{ $t('keys.importCert') }}
+              </xrd-button>
 
-                <!-- Special case where HW cert has auth usage -->
-                <div v-else-if="key.usage === 'AUTHENTICATION'">
-                  {{ $t('keys.authNotSupported') }}
-                </div>
-              </template>
+              <!-- Special case where HW cert has auth usage -->
+              <div v-else-if="key.usage === 'AUTHENTICATION'">
+                {{ $t('keys.authNotSupported') }}
+              </div>
             </template>
-          </CertificateRow>
-        </template>
+          </template>
+        </CertificateRow>
+      </template>
 
-        <!-- CSRs -->
-        <template
-          v-if="
+      <!-- CSRs -->
+      <template
+        v-if="
             key.certificate_signing_requests &&
             key.certificate_signing_requests.length > 0
           "
-        >
-          <tr v-for="req in key.certificate_signing_requests" :key="req.id">
-            <td class="td-name">
-              <div class="name-wrap">
-                <i class="icon-Certificate cert-icon" />
-                <div>{{ $t('keys.request') }}</div>
-              </div>
-            </td>
-            <td colspan="4">{{ req.id }}</td>
-            <td class="td-align-right">
-              <xrd-button
-                v-if="isAcmeCapable(req, key)"
-                :disabled="!canImportCertificate(key) || !tokenLoggedIn"
-                class="table-button-fix"
-                :outlined="false"
-                text
-                data-test="order-acme-certificate-button"
-                :loading="acmeOrderLoading"
-                @click="openAcmeOrderCertificateDialog(req, key)"
-              >
-                {{ $t('keys.orderAcmeCertificate') }}
-              </xrd-button>
-              <xrd-button
-                v-if="
+      >
+        <tr v-for="req in key.certificate_signing_requests" :key="req.id">
+          <td class="td-name">
+            <div class="name-wrap">
+              <i class="icon-Certificate cert-icon" />
+              <div>{{ $t('keys.request') }}</div>
+            </div>
+          </td>
+          <td colspan="4">{{ req.id }}</td>
+          <td class="td-align-right">
+            <xrd-button
+              v-if="isAcmeCapable(req, key)"
+              :disabled="!canImportCertificate(key) || !tokenLoggedIn"
+              class="table-button-fix"
+              :outlined="false"
+              text
+              data-test="order-acme-certificate-button"
+              :loading="acmeOrderLoading[req.id]"
+              @click="openAcmeOrderCertificateDialog(req, key)"
+            >
+              {{ $t('keys.orderAcmeCertificate') }}
+            </xrd-button>
+            <xrd-button
+              v-if="
                   req.possible_actions.includes(PossibleAction.DELETE) &&
                   canDeleteCsr(key)
                 "
-                class="table-button-fix"
-                :outlined="false"
-                text
-                data-test="delete-csr-button"
-                @click="showDeleteCsrDialog(req, key)"
-                >{{ $t('keys.deleteCsr') }}</xrd-button
-              >
-            </td>
-          </tr>
-        </template>
+              class="table-button-fix"
+              :outlined="false"
+              text
+              data-test="delete-csr-button"
+              @click="showDeleteCsrDialog(req, key)"
+            >{{ $t('keys.deleteCsr') }}
+            </xrd-button>
+          </td>
+        </tr>
+      </template>
       </tbody>
     </table>
 
@@ -161,7 +161,7 @@
       :keyUsage="selectedKey?.usage"
       @cancel="showAcmeOrderCertificateDialog = false"
       @save="orderCertificateViaAcme($event)"
-    ></AcmeOrderCertificateDialog>
+    />
 
     <xrd-confirm-dialog
       v-if="confirmDeleteCsr"
@@ -183,17 +183,18 @@ import KeyRow from './KeyRow.vue';
 import CertificateRow from './CertificateRow.vue';
 import KeysTableThead from './KeysTableThead.vue';
 import {
-  Key, KeyUsageType,
+  Key,
+  KeyUsageType,
   PossibleAction,
   TokenCertificate,
   TokenCertificateSigningRequest,
-  TokenType
+  TokenType,
 } from "@/openapi-types";
 import { Permissions } from '@/global';
+import * as Sorting from './keyColumnSorting';
 import { KeysSortColumn } from './keyColumnSorting';
 import * as api from '@/util/api';
 import { encodePathParameter } from '@/util/api';
-import * as Sorting from './keyColumnSorting';
 import { mapActions, mapState } from 'pinia';
 import { useUser } from '@/store/modules/user';
 import { useNotifications } from '@/store/modules/notifications';
@@ -241,7 +242,7 @@ export default defineComponent({
       sortDirection: false,
       selectedSort: KeysSortColumn.NAME,
       tokenTypes: TokenType,
-      acmeOrderLoading: false,
+      acmeOrderLoading: {} as Record<string, boolean>,
     };
   },
   computed: {
@@ -347,7 +348,8 @@ export default defineComponent({
     },
     orderCertificateViaAcme(caName: string): void {
       this.showAcmeOrderCertificateDialog = false;
-      this.acmeOrderLoading = true;
+      let csrId = this.selectedCsr?.id || '';
+      this.acmeOrderLoading[csrId] = true;
       this.orderAcmeCertificate(this.selectedCsr as TokenCertificateSigningRequest, caName, this.selectedKey?.usage)
         .then(() => {
           this.showSuccess(this.$t('keys.acmeCertOrdered'));
@@ -357,7 +359,7 @@ export default defineComponent({
           this.showError(error);
         })
         .finally(() => {
-          this.acmeOrderLoading = false;
+          this.acmeOrderLoading[csrId] = false;
         });
     },
     deleteCsr(): void {
diff --git a/src/security-server/openapi-model/src/main/resources/META-INF/openapi-definition.yaml b/src/security-server/openapi-model/src/main/resources/META-INF/openapi-definition.yaml
index a8234c122d..dbc2d57248 100644
--- a/src/security-server/openapi-model/src/main/resources/META-INF/openapi-definition.yaml
+++ b/src/security-server/openapi-model/src/main/resources/META-INF/openapi-definition.yaml
@@ -4717,8 +4717,16 @@ paths:
             application/json:
               schema:
                 $ref: '#/components/schemas/AcmeEabCredentialsStatus'
+        '400':
+          description: request was invalid
+        '401':
+          description: authentication credentials are missing
         '403':
           description: request has been refused
+        '406':
+          description: request specified an invalid format
+        '500':
+          description: internal server error
   /certificate-authorities/{ca_name}/acme-order:
     post:
       tags:
@@ -5940,9 +5948,6 @@ components:
         acme_capable:
           type: boolean
           description: if certificate authority supports ACME
-        acme_eab_required:
-          type: boolean
-          description: if certificate authority required external account binding for ACME
         acme_server_ip_addresses:
           type: array
           description: ACME server IP address(es) that can be helpful in configuring the firewall rules.
@@ -6210,7 +6215,11 @@ components:
       description: Whether there are credentials in the configuration for the given Member and CA. Used for binding the CA external account with the ACME server's account.
       required:
         - has_acme_external_account_credentials
+        - acme_eab_required
       properties:
+        acme_eab_required:
+          type: boolean
+          description: if certificate authority required external account binding for ACME
         has_acme_external_account_credentials:
           type: boolean
           description: whether there are credentials present in the configuration.