diff --git a/acmeclient.go b/acmeclient.go
index b478573c..e9569afd 100644
--- a/acmeclient.go
+++ b/acmeclient.go
@@ -68,7 +68,10 @@ func (iss *ACMEIssuer) newACMEClientWithAccount(ctx context.Context, useTestCA,
 	// register account if it is new
 	if account.Status == "" {
 		if iss.NewAccountFunc != nil {
+			// obtain lock here, since NewAccountFunc calls happen concurrently and they typically read and change the issuer
+			iss.mu.Lock()
 			account, err = iss.NewAccountFunc(ctx, iss, account)
+			iss.mu.Unlock()
 			if err != nil {
 				return nil, fmt.Errorf("account pre-registration callback: %v", err)
 			}
diff --git a/acmeissuer.go b/acmeissuer.go
index 84adbc5c..580a7721 100644
--- a/acmeissuer.go
+++ b/acmeissuer.go
@@ -132,7 +132,7 @@ type ACMEIssuer struct {
 	// synchronize properly.
 	email  string
 	agreed bool
-	mu     *sync.Mutex // protects the above grouped fields
+	mu     *sync.Mutex // protects the above grouped fields, as well as entire struct during NewAccountFunc calls
 }
 
 // NewACMEIssuer constructs a valid ACMEIssuer based on a template