FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Cayazo
Staff & Editor
Staff & Editor
Article Id 402207
Description This article provides a workaround to specify a date and time to perform a monthly renewal of the ACME certificate
Scope FortiGate, Let's Encrypt Certificates, and ACME certificate.
Solution

This is the guide that shows the ACME certificate's requirements: Troubleshooting Tip: Let’s Encrypt certificate did not automatically renew 

 

Follow these steps to create the automation stitch:

  1. Select 'Security fabric -> Automation':
 
Screenshot 2025-07-18 123923.jpg

  1. Create a new action. Select 'Action -> Create New':

 

Screenshot 2025-07-18 123754.jpg

 

  1. Select 'CLI Script':

 

Screenshot 2025-07-18 123843.jpg

 

  1. Input the name, and add the commands:

 

diagnose sys acme regenerate-client-config
diagnose sys acme restart

 

Screenshot 2025-07-18 131617.jpg

 

Note:

Make sure to select the administrator profile 'super_admin'

 

  1. Create a new trigger. Select 'Trigger -> Create New':

 

Screenshot 2025-07-18 131712.jpg

 

  1. Select 'Schedule':

 

Screenshot 2025-07-18 131904.jpg

 

  1. Input the name, the monthly day, and the time that the certificate will be renewed:

 

Screenshot 2025-07-18 132116.jpg

Note:

In this example, the certificate will be renewed on the first day of every month at 5:00 AM. The format is 24 hours. 

 

  1. Create a new stitch to reference the newly added action and trigger. Select 'Stitch -> Create New':

 

Screenshot 2025-07-18 132137.jpg

  1. Input the name and select the trigger and action:

 

Screenshot 2025-07-18 132257.jpg

 

Related documents:

Technical Tip: Expiring Let’s Encrypt Certificates

ACME certificate support - FortiGate 7.0.0

ACME certificate support - FortiGate 7.2.0

Troubleshooting Tip: Let's Encrypt certificate renewal fails with 'timeout during connect (likely fi...

 

Contributors