TBC,
I am assuming you are using ssl vpn with a manual letsencrypt certificate. If so the following advice applies.
You can follow the procedure in the admin guide to get a new letsencrypt certificate that autorenews with acme:
https://docs.fortinet.com/document/fortigate/7.2.0/administration-guide/822087/acme-certificate-supp...
Use the same FQDN that your existing certificate uses.
Be aware that this next step will reset existing connections: in your ssl vpn config, change certificate to use your new one.
That's it. If you have issues with the new certificate, you should be able to rollback to the old one by changing the config again- having two certificates that are both valid at the same time is allowed, but only one can be used in the ssl vpn.
Thank you Matt for fast response!
Unfortunately this does not work as desired, I get the following message:
This domain is already assigned to another ACME certificate: vpn.xxxx.net
How can I solve that?
many thanks
TBC
That sounds like you may already have a renewing certificate you can use. Verify that acme is using correct interface for renewal with cli:
get system acme status
You can review logs of acme activity with the following (produces a lot of text)
diagnose sys acme status-full vpn.xxxx.net
If you need more in-depth help, I would encourage you to open a ticket with fortinet support
https://support.fortinet.com/
Thank you, Matt
indeed at that moment I was generating a new cert, the old one was also renewed.
I tree before 3 or 4 times and the renewal are not working, not now everything is working!
Many thanks
TBC
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.