FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
However, if 'Redirect HTTP to SSL-VPN' setting is enabled, it will not be possibe to select the same port for the ACME interface and you will not be able to move forward. If this is the case, it will be necessary to disable the setting 'Redirect HTTP to SSL-VPN' on the SSL-VPN settings to be able to use the same port for SSL-VPN and ACME.
Nevertheless, the restrictions mentioned on the Fortinet documentation linked above still maintain:
- The FortiGate must have a public IP address and a hostname in DNS (FQDN) that resolves to the public IP address.
- The configured ACME interface must be public facing so that the FortiGate can listen for ACME update requests. It must not have any VIPs, or port forwarding on port 80 (HTTP) or 443 (HTTPS). - The Subject Alternative Name (SAN) field is automatically filled with the FortiGate DNS hostname. It cannot be edited, wildcards cannot be used, and multiple SANs cannot be added.