diff --git a/acme/account.go b/acme/account.go
index 21c37314..51225b49 100644
--- a/acme/account.go
+++ b/acme/account.go
@@ -53,8 +53,8 @@ type PolicyNames struct {
 
 // X509Policy contains ACME account level X.509 policy
 type X509Policy struct {
-	Allowed PolicyNames `json:"allowed"`
-	Denied  PolicyNames `json:"denied"`
+	Allowed PolicyNames `json:"allow"`
+	Denied  PolicyNames `json:"deny"`
 }
 
 // Policy is an ACME Account level policy
diff --git a/acme/api/order.go b/acme/api/order.go
index b4f7cf27..820b642f 100644
--- a/acme/api/order.go
+++ b/acme/api/order.go
@@ -119,7 +119,7 @@ func (h *Handler) NewOrder(w http.ResponseWriter, r *http.Request) {
 	}
 
 	for _, identifier := range nor.Identifiers {
-		// evalue the ACME account level policy
+		// evaluate the ACME account level policy
 		if err = isIdentifierAllowed(acmePolicy, identifier); err != nil {
 			render.Error(w, acme.WrapError(acme.ErrorRejectedIdentifierType, err, "not authorized"))
 			return