diff --git a/pkg/issuer/privateACM/setup.go b/pkg/issuer/privateACM/setup.go
index 2fe2412c15a..722224e073e 100644
--- a/pkg/issuer/privateACM/setup.go
+++ b/pkg/issuer/privateACM/setup.go
@@ -25,11 +25,12 @@ import (
 )
 
 const (
-	errorPrivateACM                 = "PrivateACMError"
-	messagePrivateACMConfigRequired = "Private ACM config cannot be empty"
-	messageCertAuthorityARNRequired = "Certificate Authority ARN cannot be empty"
-	successPrivateACMVerified       = "KeyPairVerified"
-	messagePrivateACMVerified       = "Private ACM Verified"
+	errorPrivateACM                   = "PrivateACMError"
+	messagePrivateACMConfigRequired   = "Private ACM config cannot be empty"
+	messageCertAuthorityARNRequired   = "Certificate Authority ARN cannot be empty"
+	messagePrivateACMClientInitFailed = "Failed to initialize PrivateACM client: "
+	successPrivateACMVerified         = "KeyPairVerified"
+	messagePrivateACMVerified         = "Private ACM Verified"
 )
 
 func (acm *PrivateACM) Setup(ctx context.Context) error {
@@ -45,6 +46,14 @@ func (acm *PrivateACM) Setup(ctx context.Context) error {
 		return nil
 	}
 
+	_, err := acm.initAWSPCAClient()
+	if err != nil {
+		s := messagePrivateACMClientInitFailed + err.Error()
+		klog.V(4).Infof("%s: %s", acm.issuer.GetObjectMeta().Name, s)
+		apiutil.SetIssuerCondition(acm.issuer, v1alpha1.IssuerConditionReady, v1alpha1.ConditionFalse, errorPrivateACM, s)
+		return err
+	}
+
 	klog.Info(successPrivateACMVerified)
 	apiutil.SetIssuerCondition(acm.issuer, v1alpha1.IssuerConditionReady, v1alpha1.ConditionTrue, successPrivateACMVerified, messagePrivateACMVerified)
 	return nil