Hello everyone,
I observe strange behavior with ACME client. I use it to generate certificate for firewall's web management running on default HTTP/HTTPS ports (not using any form of SSLVPN). When Let's Encrypt certificate successfully renews, it still remains in staging for some time (maybe day or more) and only then is deployed to the firewall's management webserver. Meanwhile previous certificate is still in use.
Why is this happening? Is this by design?
fw # get vpn certificate local details LTSNCR
== [ LTSNCR ]
Name: LTSNCR
Subject: CN = example.com
Issuer: C = US, O = Let's Encrypt, CN = R10
Valid from: 2024-06-20 08:02:07 GMT
Valid to: 2024-09-18 08:02:06 GMT
Fingerprint: 7E:16:DE:13:E0:35:DC:52:F0:A4:DE:B8:CB:56:17:88
Serial Num: 36:00:5a:3e:a6:1d:15:13:6c:e3:14:03:92:06:58:00:ec:9d
ACME details:
Status: The certificate for the managed domain has been renewed successfully and can be used (valid since Thu, 20 Jun 2024 08:02:07 GMT).
Staging status: The certificate for the managed domain has been renewed successfully and can be used from Thu, 05 Sep 2024 07:38:25 GMT on.
The new certificate has been manually generated at 4 Sep 08:44 GMT, but as you can see in staging status it's still being held in staging and will only be applied at 5 Sep 07:38 GMT, almost after 24 hours. So why is this delay needed? With Certbot, any newly generated certificate is deployed instantly.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Why use Let's Encrypt at all? Why not buy a longer term certificate from a public PKI?
Why not, if it's readily available and free? I can't see how is this suggestion on the point of topic.
There is a system in place, which has been developed, passed the tests, etc. before shipping. So naturally I wonder why is it behaving in this particular way. Maybe there is some additional configuration available that is lacking on my end.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.