Skip to main content
Cayazo
Staff & Editor
Cayazo
Staff & Editor
July 21, 2025

Technical Tip: Automation stitch to renew the ACME certificate at an specific time of the day

  • July 21, 2025
  • 0 replies
  • 1395 views
Description This article provides a workaround to specify a date and time to perform a monthly renewal of the ACME certificate.
Scope FortiGate, Let's Encrypt Certificates, and ACME certificate.
Solution

This is the guide that shows the ACME certificate's requirements: Troubleshooting Tip: Let’s Encrypt certificate did not automatically renew.

 

Follow these steps to create the automation stitch:

  1. Select 'Security fabric -> Automation':
 
Screenshot 2025-07-18 123923.jpg

 

  1. Create a new action. Select 'Action -> Create New':

 

Screenshot 2025-07-18 123754.jpg

 

  1. Select 'CLI Script':

 

Screenshot 2025-07-18 123843.jpg

 

  1. Input the name, and add the commands:

 

diagnose sys acme regenerate-client-config
diagnose sys acme restart

 

Screenshot 2025-07-18 131617.jpg

 

Note:

Make sure to select the administrator profile 'super_admin'

 

  1. Create a new trigger. Select 'Trigger -> Create New':

 

Screenshot 2025-07-18 131712.jpg

 

  1. Select 'Schedule':

 

Screenshot 2025-07-18 131904.jpg

 

  1. Input the name, the monthly day, and the time that the certificate will be renewed:

 

Screenshot 2025-07-18 132116.jpg

 

Note:

In this example, the certificate will be renewed on the first day of every month at 5:00 AM. The format is 24 hours. 

 

  1. Create a new stitch to reference the newly added action and trigger. Select 'Stitch -> Create New':

 

Screenshot 2025-07-18 132137.jpg

 

  1. Input the name and select the trigger and action:

 

Screenshot 2025-07-18 132257.jpg

 

CLI Reference:

 

config system automation-trigger

    edit "ACME_Renewal_Trigger"

        set trigger-type scheduled

        set trigger-frequency monthly

        set trigger-hour 5

    next

end

 

config system automation-action

    edit "ACME_Renewal"

        set action-type cli-script

        set script "diagnose sys acme regenerate-client-config

diagnose sys acme restart"

        set accprofile "super_admin"

    next

end

config system automation-stitch

    edit "ACME_Renewal_Stitch"

        set trigger "ACME_Renewal_Trigger"

            config actions

                edit 1

                    set action "ACME_Renewal"

                    set required enable

                next

            end

    next

end

 

Related documents:

Technical Tip: Expiring Let’s Encrypt Certificates

ACME certificate support - FortiGate 7.0.0

ACME certificate support - FortiGate 7.2.0

Troubleshooting Tip: Let's Encrypt certificate renewal fails with 'timeout during connect (likely firewall problem)' error

 

    Terms & ConditionsAccessibility statement