Created on 01-07-2024 10:26 PM
Edited on 10-14-2025 12:49 AM
By Jean-Philippe_P
Description
This article describes a possible solution when FortiGate VM is unable to create a Let's Encrypt Certificate via CLI or GUI, although connectivity from the firewall to the ACME server appears successful.
Scope
FortiGate.
Solution
The following error is observed in the output of the following command:
diagnose sys acme status-full fw-01.test.net
"when": "Sun, 16 Jun 2024 05:58:59 GMT",
"type": "renewal-error",
"detail": "Unsuccessful in contacting ACME server at <https://acme-v02.api.letsencrypt.org/directory>.  
If this problem persists after a reboot, check the network connectivity from the FortiGate to the ACME server (ban on the public IP, ISP filtering, routing, etc.).
A possible solution is to run the 'diagnose sys acme purge-archive' command, which wipes the status file, clears any internal status held by the ACME client, and starts a new attempt from the FortiGate's configuration. It also restarts the ACME client on the FortiGate; to restart the ACME client manually on its own, run the 'diagnose sys acme restart' command.
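As an added example (not from the article or from Fortinet), the following Python check parses the "when"/"type"/"detail" fields shown in the status output above and decides whether the purge-archive step applies; the sample text, the field layout and the failure threshold are constructed assumptions.

```python
import re
from email.utils import parsedate_to_datetime

# Constructed sample modelled on the fields the article shows from
# 'diagnose sys acme status-full'; the full real layout is an assumption.
SAMPLE_STATUS = '''
"when": "Sun, 16 Jun 2024 05:58:59 GMT",
"type": "renewal-error",
"detail": "Unsuccessful in contacting ACME server at <https://acme-v02.api.letsencrypt.org/directory>.",
"when": "Sat, 15 Jun 2024 05:58:59 GMT",
"type": "renewal-error",
"detail": "Unsuccessful in contacting ACME server at <https://acme-v02.api.letsencrypt.org/directory>.",
'''

FIELD_RE = re.compile(r'"(when|type|detail)":\s*"(.*?)",?\s*$', re.M)
ACME_UNREACHABLE = "Unsuccessful in contacting ACME server"

def parse_events(text):
    """Group consecutive when/type/detail lines into one event dict each."""
    events, current = [], {}
    for key, value in FIELD_RE.findall(text):
        if key == "when" and current:      # a new "when" starts a new event
            events.append(current)
            current = {}
        current[key] = value
    if current:
        events.append(current)
    return events

def acme_unreachable_streak(text):
    """Count the most recent consecutive renewal-errors about reaching ACME."""
    events = sorted(parse_events(text),
                    key=lambda e: parsedate_to_datetime(e["when"]), reverse=True)
    streak = 0
    for ev in events:
        if ev.get("type") == "renewal-error" and ACME_UNREACHABLE in ev.get("detail", ""):
            streak += 1
        else:
            break
    return streak

def recommended_action(text, threshold=2):
    """One failure: verify the path to the ACME server first. Repeated failures
    despite working connectivity: purge the archive (threshold is an assumption)."""
    streak = acme_unreachable_streak(text)
    if streak == 0:
        return "no action"
    if streak < threshold:
        return "check network connectivity from the FortiGate to the ACME server"
    return "diagnose sys acme purge-archive"
```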
Related articles:
Troubleshooting Tip: Let’s Encrypt certificate did not automatically renew 
Technical Tip: Error provision certificate with ACME
Copyright 2025 Fortinet, Inc. All Rights Reserved.