MigenaM
Staff
Article Id 412177
Description This article describes how to 'manipulate' (shift) the renewal time of an ACME (Let's Encrypt) certificate on FortiGate.
Scope FortiGate.
Solution

In most cases, the renewal of the Let's Encrypt certificate used for SSL VPN happens during working hours.

Renewal causes interruptions in the SSL VPN traffic.

It is therefore preferable to have the renewal of this certificate happen outside of working hours.


In general, Let's Encrypt issues certificates that are valid for 90 days, and by default FortiGate tries to renew the certificate 30 days before expiration.

The relevant configuration extract is below:


config vpn certificate local
    edit <ACME_certificate_name>
        set acme-renew-window 30
    next
end


However, the certificate renewal cannot be explicitly scheduled.

To shift the renewal timing, renew the certificate manually outside of working hours. The next automatic renewal is then triggered exactly X days before the new expiration date, where X is the acme-renew-window value.


If the previous certificate renewal happened outside working hours, the next renewal is triggered as soon as the X-day window is reached, which is at roughly the same time of day as the previous renewal. Each subsequent renewal therefore keeps that time of day as long as the acme-renew-window value is not changed.
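The timing arithmetic above, worked through as an added example (this is not code from the article or from Fortinet): given the current certificate's notAfter time and the acme-renew-window value, the helper computes when FortiGate will start renewing, checks whether that lands in working hours, and if so proposes an off-hours manual renewal time and the resulting next automatic renewal. The working-hours window (weekdays 08:00 to 18:00), the preferred off-hours time (02:00), the naive local timestamps and the function names are all assumptions; the 90-day validity and 30-day default window come from the article. The manual renewal itself is still performed on the FortiGate.

```python
from datetime import datetime, time, timedelta

# Values from the article: Let's Encrypt certificates last 90 days and
# FortiGate's default acme-renew-window is 30 days.
CERT_VALIDITY_DAYS = 90
DEFAULT_RENEW_WINDOW_DAYS = 30

# Constructed working-hours definition (an assumption; adjust to your site).
WORK_START = time(8, 0)
WORK_END = time(18, 0)


def next_renewal(not_after, renew_window_days=DEFAULT_RENEW_WINDOW_DAYS):
    """Time at which FortiGate starts trying to renew: notAfter minus the window."""
    return not_after - timedelta(days=renew_window_days)


def in_working_hours(moment):
    """True when the moment falls on a weekday between WORK_START and WORK_END."""
    return moment.weekday() < 5 and WORK_START <= moment.time() < WORK_END


def plan_manual_renewal(not_after, renew_window_days=DEFAULT_RENEW_WINDOW_DAYS,
                        preferred_time=time(2, 0)):
    """Return (manual_renewal_time, next_automatic_renewal).

    If the scheduled renewal already lands outside working hours, no manual
    renewal is needed and manual_renewal_time is None. Otherwise a manual
    renewal is proposed at preferred_time on the last night before the
    scheduled renewal. The fresh certificate expires CERT_VALIDITY_DAYS after
    that manual renewal, so the next automatic renewal fires renew_window_days
    before the new expiry, at the same time of day as the manual renewal.
    """
    scheduled = next_renewal(not_after, renew_window_days)
    if not in_working_hours(scheduled):
        return None, scheduled
    manual = scheduled.replace(hour=preferred_time.hour, minute=preferred_time.minute,
                               second=0, microsecond=0)
    if manual >= scheduled:  # preferred time is later in the day: use the previous night
        manual -= timedelta(days=1)
    new_not_after = manual + timedelta(days=CERT_VALIDITY_DAYS)
    return manual, next_renewal(new_not_after, renew_window_days)


def plan_manual_renewal_iso(not_after_iso, renew_window_days=DEFAULT_RENEW_WINDOW_DAYS):
    """String wrapper around plan_manual_renewal for use from scripts or tests."""
    manual, nxt = plan_manual_renewal(datetime.fromisoformat(not_after_iso), renew_window_days)
    return (manual.isoformat() if manual else None, nxt.isoformat())


if __name__ == "__main__":
    # Constructed example: certificate expiring Wednesday 2025-07-02 at 10:00 local time.
    # The automatic renewal would fire Monday 2025-06-02 at 10:00, inside working hours.
    manual, nxt = plan_manual_renewal_iso("2025-07-02T10:00:00")
    print("manual renewal at:", manual)       # 2025-06-02T02:00:00
    print("next automatic renewal at:", nxt)  # 2025-08-01T02:00:00
```

The second value shows the article's point: once a renewal has been done at 02:00, every later automatic renewal lands at 02:00 as well (60 days after the previous one with the default 30-day window), so the interruption stays outside working hours without any further intervention.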