Skip to main content
Hsharma
Staff
Hsharma
Staff
November 10, 2025

Technical Tip: FortiGate GUI stops loading after firmware upgrade to FortiOS v7.6.3 or v7.6.4

  • November 10, 2025
  • 0 replies
  • 1437 views
Description This article describes an issue where the FortiGate GUI stops loading after upgrading to v7.6.3 or 7.6.4 due to the httpsd process continuously crashing. This can primarily impact FortiGates with ACME (Let's Encrypt) configured. 
Scope FortiOS v7.6.3, v7.6.4.
Solution

After performing a firmware upgrade to v7.6.3, the FortiGate is unable to load the administrative GUI. When performing a sniffer on the traffic, the FortiGate abruptly sends TCP reset packets before the session can be fully established.

 

When viewing the crashlog, there are frequent or continuous crashes of the 'httpsd' daemon, and the process ID is not seen in the output 'diagnose sys process pidof httpsd'.
An example output is provided below for a single crash; there must be frequent or continuous crashes for this behavior to arise.

 

diagnose debug crashlog read

11274: 2025-10-30 18:52:54 <16596> firmware FortiGate-201E v7.6.4,build3596b3596,250820 (GA.F) (Release)
11275: 2025-10-30 18:52:54 <16596> application httpsd
11276: 2025-10-30 18:52:54 <16596> *** signal 11 (Segmentation fault) received ***
11277: 2025-10-30 18:52:54 <16596> Register dump:
11278: 2025-10-30 18:52:54 <16596> RAX: 0000000000000012 RBX: 00007fd231851208
11279: 2025-10-30 18:52:54 <16596> RCX: 0000000000000012 RDX: 00007fd22d151b73
11280: 2025-10-30 18:52:54 <16596> R08: 0000000000000000 R09: 000000000000000f
11281: 2025-10-30 18:52:54 <16596> R10: 65406f6e5f686365 R11: 00007fd22338e940
11282: 2025-10-30 18:52:54 <16596> R12: 0000000000000012 R13: 00007fd2318536e8
11283: 2025-10-30 18:52:54 <16596> R14: 00007fd231853790 R15: 00007fd231850ce8
11284: 2025-10-30 18:52:54 <16596> RSI: 00007fd231853760 RDI: 0000000000000012
11285: 2025-10-30 18:52:54 <16596> RBP: 00007fff73d14370 RSP: 00007fff73d14268
11286: 2025-10-30 18:52:54 <16596> RIP: 00007fd22328fa76 EFLAGS: 0000000000010293
11287: 2025-10-30 18:52:54 <16596> CS: 0033 FS: 0000 GS: 0000
11288: 2025-10-30 18:52:54 <16596> Trap: 000000000000000e Error: 0000000000000004
11289: 2025-10-30 18:52:54 <16596> OldMask: 0000000000000000
11290: 2025-10-30 18:52:54 <16596> CR2: 0000000000000012
11291: 2025-10-30 18:52:54 <16596> stack: 0x7fff73d14268 - 0x7fff73d15420
11292: 2025-10-30 18:52:54 <16596> Backtrace:
11293: 2025-10-30 18:52:54 <16596> [0x7fd22328fa76] => /lib/libc.so.6 {0x7fd2231f6000}
11294: 2025-10-30 18:52:54 <16596> [0x7fd2219a3fa5] => /lib/libjson-c.so.5 {0x7fd22199d000}
11295: 2025-10-30 18:52:54 <16596> [0x7fd22ac6a77c] => /bin/httpsd {0x7fd229d14000}
11296: 2025-10-30 18:52:54 <16596> [0x7fd22ac61472] => /bin/httpsd {0x7fd229d14000}
11297: 2025-10-30 18:52:54 <16596> [0x7fd22ac75eb3] => /bin/httpsd {0x7fd229d14000}
11298: 2025-10-30 18:52:54 <16596> [0x7fd22ac79dff] => /bin/httpsd {0x7fd229d14000}
11299: 2025-10-30 18:52:54 <16596> [0x7fd22ac79eaf] => /bin/httpsd {0x7fd229d14000}
11300: 2025-10-30 18:52:54 <16596> [0x7fd22ac75f47] => /bin/httpsd {0x7fd229d14000}

 

Rebooting the FortiGate does not resolve the issue. Any connections to GUI management are rejected by FortiGate with a TCP-RST.

FortiGate # diagnose sniffer packet any "host 172.30.252.251 and port 2443" 6 0 l

interfaces=[any]

   filters=[ host 172.30.252.251 and port 2443 ]

   2025-07-18 10:30:10.170210 port3 in 172.26.129.69.50493 -> 172.30.252.251.2443: syn 499460273

   2025-07-18 10:30:10.170239 port3 out 172.30.252.251.2443 -> 172.26.129.69.50493: rst 0 ack 499460274


While the reasoning behind process crashes can be numerous, there is a reported issue where this crash could be triggered by having ACME (Let's Encrypt) configured on the FortiGate. While this specific issue is still under investigation (Known Issue 1166328), a workaround for this issue can be performed by either of these two steps:

 

  1. The ACME interface can be disabled or removed (if not needed). To remove the ACME interface, run the following commands.

 

config system acme

    unset interface 

    unset source-ip

end

            

  1. Execute this command in the FortiGate CLI:

 

diagnose sys acme purge-all

 

Note: A Let’s Encrypt certificate is valid for 90 days, and the FortiGate automatically renews it every 60 days (or 30 days before expiration). Removing the associated interface will interrupt the automatic renewal process or the creation of a new Let’s Encrypt certificate. If needed, reassign the interface and force the certificate renewal using the commands below:

 

config system acme

    set interface <>

end

 

To force certificate renewal:

 

diagnose sys acme regenerate-client-config
diagnose sys acme restart

 

Once renewed, remove the ACME certificate again using the commands below:

 

diagnose sys acme purge-all

 

This issue has been resolved in:

  • v7.6.5 (available to download from the Fortinet Support portal). Refer to bug ID 1166328 in the Resolved issues
  • v8.0.0 (scheduled to be released in March 2026).

The timelines for firmware releases are estimated and may be subject to change.
      Terms & ConditionsAccessibility statement