Created on 07-29-2022 10:31 AM
Edited on 08-26-2025 02:40 AM
By Anthony_E
Description
This article discusses how to configure the ACME certificate with certificate management services other than Let's Encrypt on 7.0.2 and above.
Scope
FortiGate v7.0.2 and above.
Solution
FortiGate provides an option to choose between Let's Encrypt and other certificate management services that use the ACME protocol.
Up until v7.0.1, a GUI option was available to choose between 'Let's Encrypt' and 'Other' under ACME services. See the article v7.0.0 New Features | ACME Certificate Support.
The 'Other' option allows an ACME service other than Let's Encrypt to be defined.
Starting with v7.0.2, 'Other' cannot be chosen in the GUI anymore.
In v7.0.2 and onwards, this option is available only via CLI.
config vpn certificate local
    edit <certificate_name>
        set enroll-protocol acme2
        set acme-ca-url <url>    <- Enter the other ACME service's server/CA URL.
        set acme-domain <domain which resolves to FortiGate public IP address>
        set acme-email <valid email address>
    next
end
To determine the correct acme-ca-url to use, reference the third-party ACME service's documentation.
FortiOS does not currently support ACME External Account Binding (EAB) keys, which some ACME services require.
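
One way to check a third-party service before entering its URL as acme-ca-url (an added example, not Fortinet code): the ACME directory defined in RFC 8555 sets meta.externalAccountRequired to true when the CA requires EAB. The helper names and the example.test sample directories are constructed for illustration.

```python
import json
import sys
import urllib.request

# Endpoints an RFC 8555 directory must list for account and order creation.
REQUIRED = ("newNonce", "newAccount", "newOrder")

def check_directory(directory):
    """Assess a parsed ACME directory object (hypothetical helper)."""
    missing = [k for k in REQUIRED if not isinstance(directory.get(k), str)]
    meta = directory.get("meta")
    if not isinstance(meta, dict):
        meta = {}  # "meta" is optional in the directory object
    # RFC 8555 section 7.1.1: true means newAccount requests must carry an EAB.
    eab = meta.get("externalAccountRequired") is True
    return {
        "missing": missing,
        "eab_required": eab,
        "terms_of_service": meta.get("termsOfService"),
        # Per the article, FortiOS does not support EAB, so such a CA is unusable.
        "usable": not missing and not eab,
    }

def fetch_directory(url, timeout=10.0):
    """Download the directory JSON from the candidate acme-ca-url."""
    if not url.lower().startswith("https://"):
        raise ValueError("ACME directory URL must use https")
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.loads(resp.read().decode("utf-8"))

# Constructed sample directories (not real services), used when no URL is given.
SAMPLE_OPEN = {
    "newNonce": "https://acme.example.test/new-nonce",
    "newAccount": "https://acme.example.test/new-account",
    "newOrder": "https://acme.example.test/new-order",
    "meta": {"termsOfService": "https://acme.example.test/tos"},
}
SAMPLE_EAB = dict(SAMPLE_OPEN, meta={"externalAccountRequired": True})

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(json.dumps(check_directory(fetch_directory(sys.argv[1])), indent=2))
    else:
        for name, d in (("open", SAMPLE_OPEN), ("eab", SAMPLE_EAB)):
            print(name, json.dumps(check_directory(d)))
```

Run it with the candidate directory URL as the only argument; a result of "usable": false with "eab_required": true means the service falls under the EAB limitation above.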