This article describes why the browser shows "not secure" after an ACME certificate is created on FortiGate.
After creating the server certificate for secure administrator login to the FortiGate, the browser shows a "not secure" page.
The browser doesn’t trust the certificate issuer.
On the firewall, the certificate configuration shows a staging URL in acme-ca-url.
Remove "staging" from the certificate's ACME CA URL:
FortiGate-VM # config vpn certificate local
FortiGate-VM(local) edit test
# config vpn certificate local
set password XXX
set comments "Renewed with ACME on Wed Oct 27 17:13:11 2021 (UTC)"
set range global
set enroll-protocol acme2
set acme-ca-url https://acme-staging-v02.api.letsencrypt.org/directory <<<< Remove the staging
set acme-domain "agamtest.cloudem.cloud"
set acme-email "firstname.lastname@example.org"
The correct URL looks like:
This is because the certificate is being created using the Let’s Encrypt staging (test) server, so the certificate created for the domain has been issued by a fake CA.
The Let’s Encrypt staging server should be used only to test that the client is working and can generate the challenges and certificates. To create a valid certificate, it is necessary to use the right server in the letsencrypt-auto command.
For staging is:
For production is:
If a server is not specified, it defaults to production. To use staging, specify the staging server or use one of these switches (--test-cert or --staging).
Now check the connection. If the issue is still there, create a ticket through the Fortinet support portal.
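To find every local certificate still enrolled against the staging server, a configuration backup can be scanned offline. The script below is an added example, not Fortinet code: the sample backup is constructed, the "prod" entry and fw.example.com are hypothetical, and the production URL shown is the Let's Encrypt production ACME directory.

```python
import re
from urllib.parse import urlparse

# Constructed sample backup: "test" mirrors the article's entry, "prod" is hypothetical.
SAMPLE_CONFIG = '''\
config vpn certificate local
    edit "test"
        set enroll-protocol acme2
        set acme-ca-url "https://acme-staging-v02.api.letsencrypt.org/directory"
        set acme-domain "agamtest.cloudem.cloud"
    next
    edit "prod"
        set enroll-protocol acme2
        set acme-ca-url "https://acme-v02.api.letsencrypt.org/directory"
        set acme-domain "fw.example.com"
    next
end
'''

def parse_local_certs(config_text):
    """Return {cert_name: {setting: value}} for 'config vpn certificate local'."""
    certs, current, in_section = {}, None, False
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config vpn certificate local":
            in_section = True
        elif in_section and line == "end":
            in_section = False
        elif in_section and line.startswith("edit "):
            current = certs.setdefault(line[5:].strip().strip('"'), {})
        elif in_section and line == "next":
            current = None
        elif in_section and current is not None:
            m = re.match(r'set (\S+) (.*)$', line)
            if m:
                current[m.group(1)] = m.group(2).strip().strip('"')
    return certs

def staging_certs(config_text):
    """Names of certificates whose acme-ca-url host is a Let's Encrypt staging endpoint."""
    flagged = []
    for name, settings in parse_local_certs(config_text).items():
        host = urlparse(settings.get("acme-ca-url", "")).hostname or ""
        if host.startswith("acme-staging") and host.endswith(".api.letsencrypt.org"):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(staging_certs(SAMPLE_CONFIG))
```

Any certificate name the script reports needs its acme-ca-url corrected and the certificate re-enrolled before browsers will trust it.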