uByte
New Member
October 26, 2021
Solved

Let's Encrypt STAGING certificate


Running the latest firmware on an 80F and when I try to generate a cert using Let's Encrypt it works but gives me a STAGING cert. I have another FortiGate (60F) that I set up like 2 weeks ago and it generates a normal one. I tried downloading the CA cert from that one and importing it on the one that is STAGING and removing the STAGING ACME certs and it doesn't work. It still generates a STAGING cert. I know that you can specify the STAGING cert to verify everything works before you set up a genuine one but I don't need that. Does anyone know the command to specify the cert?

    Best answer by Anonymous_User

    4 replies

    mhe
    Explorer II
    November 25, 2021

    I'm facing the same issue. Any solutions?

    ebadger
    Explorer
    January 1, 2022

    Was there a fix for this issue? I have 3 different sites now doing the same thing, only issuing from (STAGING) Let's Encrypt.

    uByte
    Author
    New Member
    January 3, 2022

    Still haven't figured it out. Luckily there was not a need for me to get this working for the client. I realized that it needs to be addressed. The simple fact that there are other people that are experiencing the same things is comforting to know that I am not the only one. I wish there was a fix. Might have to submit a ticket to get it looked at and possibly a bug report. Has anyone ever had to submit a bug to Fortinet before?

    Contributor
    January 3, 2022

    Hello everyone,

    There was a bug introduced in FortiOS 7.0.2 where generating a new ACME certificate from the GUI results in a certificate signed by the Let's Encrypt staging CA.

    Bug 0757130 was filed to fix the issue, and the issue has been fixed in FortiOS 7.0.4 (which is yet to be released).

    The workaround for the issue is to configure a certificate from the CLI, using the commands below as an example:

    config vpn certificate local
        edit "acme-test"
            set enroll-protocol acme2
            set acme-domain "kavin.fortiddns.com"
            set acme-email "xyz@domain.com"
        next
    end

    You can also find the bug mentioned in the release notes:

    https://docs.fortinet.com/document/fortigate/7.0.3/fortios-release-notes/236526/known-issues
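To confirm which devices are still serving a staging-issued certificate after applying the workaround, the issuer name can be checked, since Let's Encrypt staging issuers carry a "(STAGING)" prefix. The following is an added example, not code from this thread or from Fortinet; it assumes each certificate has been exported as PEM and that `openssl` is installed, and the device names and issuer lines in `SAMPLE` are constructed.

```python
"""Flag certificates issued by the Let's Encrypt staging CA (added example)."""
import re
import subprocess

STAGING_MARK = "(STAGING)"   # prefix on staging issuer O and CN values
LE_ORG = "Let's Encrypt"     # production issuer organization

def issuer_of(pem_path):
    """Return the issuer line of a PEM certificate exported from the device."""
    result = subprocess.run(
        ["openssl", "x509", "-in", pem_path, "-noout", "-issuer"],
        check=True, capture_output=True, text=True)
    return result.stdout

def parse_issuer(line):
    """Parse 'issuer=C = US, O = ..., CN = ...' (or RFC 2253 order) into a dict."""
    dn = re.sub(r"^issuer\s*=\s*", "", line.strip())
    attrs = {}
    # Split only on commas that begin a new ATTR=, so commas in values survive.
    for part in re.split(r",\s*(?=[A-Za-z]+\s*=)", dn):
        key, _, value = part.partition("=")
        attrs[key.strip().upper()] = value.strip()
    return attrs

def classify(line):
    """Return 'staging', 'production' or 'other' for one issuer line."""
    attrs = parse_issuer(line)
    org, cn = attrs.get("O", ""), attrs.get("CN", "")
    if org.startswith(STAGING_MARK) or cn.startswith(STAGING_MARK):
        return "staging"
    if org == LE_ORG:
        return "production"
    return "other"

def staging_hosts(inventory):
    """Names of devices whose certificate was issued by the staging CA."""
    return sorted(h for h, line in inventory.items() if classify(line) == "staging")

# Constructed sample inventory: device names and issuer lines are illustrative.
SAMPLE = {
    "fgt-80f": "issuer=C = US, O = (STAGING) Let's Encrypt, CN = (STAGING) Artificial Apricot R3",
    "fgt-60f": "issuer=C = US, O = Let's Encrypt, CN = R3",
    "fgt-lab": "issuer=O = Example, Inc., CN = lab-ca",
}

if __name__ == "__main__":
    for host, line in SAMPLE.items():
        print(f"{host}: {classify(line)}")
```

For a real device, pass the output of `issuer_of("exported-cert.pem")` to `classify` in place of the sample lines.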