diff --git a/debian/acmeserver.service b/debian/acmeserver.service
index f5c62c05564e056f5372b00d12487a8e04298743..3549e82465d22ce200f27d58ad880df8ffe1ddea 100644
--- a/debian/acmeserver.service
+++ b/debian/acmeserver.service
@@ -17,6 +17,7 @@ PrivateDevices=yes
 ProtectHome=yes
 ProtectSystem=full
 ReadOnlyDirectories=/
+ReadWriteDirectories=/var/lib/acme
 CapabilityBoundingSet=CAP_NET_BIND_SERVICE
 
 [Install]