diff --git a/internal/acme/acme.go b/internal/acme/acme.go
index 8506f721..a0f05a1e 100644
--- a/internal/acme/acme.go
+++ b/internal/acme/acme.go
@@ -44,6 +44,7 @@ import (
 "github.com/go-acme/lego/v4/log"
 "github.com/go-acme/lego/v4/providers/http/webroot"
 "github.com/go-acme/lego/v4/registration"
+ "github.com/hashicorp/go-retryablehttp"
 "github.com/robfig/cron/v3"
 
 "github.com/drakkan/sftpgo/v2/internal/common"
@@ -492,6 +493,13 @@ func (c *Configuration) setup() (*account, *lego.Client, error) {
 config.Certificate.KeyType = certcrypto.KeyType(c.KeyType)
 config.Certificate.OverallRequestLimit = 6
 config.UserAgent = version.GetServerVersion("/", false)
+
+ retryClient := retryablehttp.NewClient()
+ retryClient.RetryMax = 5
+ retryClient.HTTPClient = config.HTTPClient
+
+ config.HTTPClient = retryClient.StandardClient()
+
 client, err := lego.NewClient(config)
 if err != nil {
 acmeLog(logger.LevelError, "unable to get ACME client: %v", err)
@@ -559,6 +567,12 @@ func (c *Configuration) tryRecoverRegistration(privateKey crypto.PrivateKey) (*r
 config.CADirURL = c.CAEndpoint
 config.UserAgent = version.GetServerVersion("/", false)
 
+ retryClient := retryablehttp.NewClient()
+ retryClient.RetryMax = 5
+ retryClient.HTTPClient = config.HTTPClient
+
+ config.HTTPClient = retryClient.StandardClient()
+
 client, err := lego.NewClient(config)
 if err != nil {
 acmeLog(logger.LevelError, "unable to get the ACME client: %v", err)
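Review bot: The client returned by `retryablehttp.NewClient()` in setup() keeps the library's default logger, which as far as I know writes each request and retry to stderr instead of going through acmeLog. ACME request URLs and retry failures would then bypass the application's log destination and level filtering, which makes certificate-renewal problems harder to audit. Consider `retryClient.Logger = nil`, or assigning an adapter that forwards to acmeLog, right after `retryClient.RetryMax = 5`. The identical block added in tryRecoverRegistration() needs the same treatment. setup()'s body continues outside the hunk.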
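Review bot: The five lines added in tryRecoverRegistration() are a copy of the block added in setup(), so the retry limit and any later hardening of this client would have to be kept in sync by hand. A small private helper taking and returning the `*http.Client` would leave one call per site, e.g. `config.HTTPClient = retryingHTTPClient(config.HTTPClient)` (helper name is a suggestion). Its doc comment should record that the retry layer resends the same request body, so a retried ACME POST carries the already-used nonce and presumably relies on the server's badNonce rejection plus lego's own nonce handling; this should be confirmed against the default retry policy. The function starts and ends outside the hunk.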