This is the guide that shows the ACME certificate's requirements: Troubleshooting Tip: Let’s Encrypt certificate did not automatically renew.

Follow these steps to create the automation stitch:

1. Select 'Security fabric -> Automation':

2. Create a new action. Select 'Action -> Create New':

3. Select 'CLI Script':

4. Input the name, and add the commands:

diagnose sys acme regenerate-client-config
diagnose sys acme restart

Note:

Make sure to select the administrator profile 'super_admin'

5. Create a new trigger. Select 'Trigger -> Create New':

6. Select 'Schedule':

7. Input the name, the monthly day, and the time that the certificate will be renewed:

Note:

In this example, the certificate will be renewed on the first day of every month at 5:00 AM. The format is 24 hours. 

8. Create a new stitch to reference the newly added action and trigger. Select 'Stitch -> Create New':

9. Input the name and select the trigger and action:

CLI Reference:

config system automation-trigger

    edit "ACME_Renewal_Trigger"

        set trigger-type scheduled

        set trigger-frequency monthly

        set trigger-hour 5

    next

end

config system automation-action

    edit "ACME_Renewal"

        set action-type cli-script

        set script "diagnose sys acme regenerate-client-config

diagnose sys acme restart"

        set accprofile "super_admin"

    next

end

config system automation-stitch

    edit "ACME_Renewal_Stitch"

        set trigger "ACME_Renewal_Trigger"

            config actions

                edit 1

                    set action "ACME_Renewal"

                    set required enable

                next

            end

    next

end

Related documents:

Technical Tip: Expiring Let’s Encrypt Certificates

ACME certificate support - FortiGate 7.0.0

ACME certificate support - FortiGate 7.2.0

Troubleshooting Tip: Let's Encrypt certificate renewal fails with 'timeout during connect (likely fi...