ACME certificate showing not secure

Forum|Forum|4 years ago
January 13, 2022
3 replies
5304 views

Followed the manual from this post: https://community.fortinet.com/t5/FortiGate/Technical-Tip-ACME-certificate-showing-not-secure/ta-p/195496

I Cannot find a way to forcing the letsencrypt certificate to be renewed with the correct url.

The post itself is correct, but needs some more steps..

FortiGate

Best answer by Rvdplas-NL

Solution is to create the cert from the CLI instead of the gui

mhe

Explorer II

What error do you get?

Rvdplas-NLAuthor

New Member

The browser states that the certificate is not legit (thats correct because it's still a staging certificate):

(CN) (STAGING) Artificial Apricot R3

(O) (STAGING) Let's Encrypt

mhe

Explorer II

in that case you have not adjusted "set acme-url" to the production URL

Rvdplas-NLAuthor

New Member

Seems correct, but do i need to run a command to re request the certificate with the new acme-url ?

config vpn certificate local
edit "Test"
set password ENC hash
set comments "Renewed with ACME on Wed Jan 12 10:46:58 2022 (UTC)"
set range global
set enroll-protocol acme2
set acme-ca-url "https://acme-v01.api.letsencrypt.org/directory"
set acme-domain "*"
set acme-email "*"
set acme-renew-window 1
next
end

Bai_Ganyo

Explorer

Thank you for sharing the solution!

Rvdplas-NLAuthorAnswer

New Member

Solution is to create the cert from the CLI instead of the gui

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded