diff --git a/apps/dokploy/server/api/routers/certificate.ts b/apps/dokploy/server/api/routers/certificate.ts
index df908c8b4..fb9085ffa 100644
--- a/apps/dokploy/server/api/routers/certificate.ts
+++ b/apps/dokploy/server/api/routers/certificate.ts
@@ -76,7 +76,7 @@ export const certificateRouter = createTRPCRouter({
 			where: eq(certificates.organizationId, ctx.session.activeOrganizationId),
 		});
 	}),
-	update: adminProcedure
+	update: withPermission("certificate", "update")
 		.input(apiUpdateCertificate)
 		.mutation(async ({ input, ctx }) => {
 			const certificate = await findCertificateById(input.certificateId);
diff --git a/packages/server/src/lib/access-control.ts b/packages/server/src/lib/access-control.ts
index 1289f4116..72a5a76af 100644
--- a/packages/server/src/lib/access-control.ts
+++ b/packages/server/src/lib/access-control.ts
@@ -37,7 +37,7 @@ export const statements = {
 	environmentEnvVars: ["read", "write"],
 	server: ["read", "create", "delete"],
 	registry: ["read", "create", "delete"],
-	certificate: ["read", "create", "delete"],
+	certificate: ["read", "create", "update", "delete"],
 	backup: ["read", "create", "update", "delete", "restore"],
 	volumeBackup: ["read", "create", "update", "delete", "restore"],
 	schedule: ["read", "create", "update", "delete"],
@@ -102,7 +102,7 @@ export const ownerRole = ac.newRole({
 	environmentEnvVars: ["read", "write"],
 	server: ["read", "create", "delete"],
 	registry: ["read", "create", "delete"],
-	certificate: ["read", "create", "delete"],
+	certificate: ["read", "create", "update", "delete"],
 	backup: ["read", "create", "update", "delete", "restore"],
 	volumeBackup: ["read", "create", "update", "delete", "restore"],
 	schedule: ["read", "create", "update", "delete"],
@@ -139,7 +139,7 @@ export const adminRole = ac.newRole({
 	environmentEnvVars: ["read", "write"],
 	server: ["read", "create", "delete"],
 	registry: ["read", "create", "delete"],
-	certificate: ["read", "create", "delete"],
+	certificate: ["read", "create", "update", "delete"],
 	backup: ["read", "create", "update", "delete", "restore"],
 	volumeBackup: ["read", "create", "update", "delete", "restore"],
 	schedule: ["read", "create", "update", "delete"],