| Description | This article describes how to fix an issue where renewing a Let's Encrypt certificate fails because it cannot reach the server. |
| Scope | Any supported version of FortiOS. |
| Solution |
This issue occurs when the Let's Encrypt enrollment server cannot be reached.
First, verify connectivity to the enrollment server with the following CLI command:
# execute ping acme-v02.api.letsencrypt.org
If the error 'Timeout during connect (likely firewall problem)' occurs during debugging, an incorrect interface may have been selected - particularly one which is not active in the routing table, or one which has had its Source IP is configured but cannot be routed to the internet.
# config system acme set interface wan2 <-------- If wan1 is selected but is not active, change it to wan2 end
Additionally, verify the source-ip. It can be 0.0.0.0:
# config system acme set source-ip 0.0.0.0 end
Try restarting ACME with the following command:
# diagnose sys acme restart
If none of these steps resolve the issue, see the following links for help with troubleshooting ACME Let's Encrypt renewal issues: |
