Hello @All,
we would like to use Letsencypt certificates for our web servers.
The web servers are addressed as an example as follows:
aa.domain.com
bb.domain.com
cc.domain.com
DNS entries are available.
Unfortunately, I can't really figure it out from the documentation.
Here now my questions:
Do I need to request a separate certificate for each domain?
Do all domains also have to be reachable via port 80?
According to the documentation, I also have to create a CAA:
You must have added "letsencrypt.org" in the CAA value if you have configured a CAA record at your DNS service. This allows Let's Encrypt to issue certificates for your domain name.
Where and how should this be?
Fortiweb OS is 7.0.1
Many thanks for helping
TBC
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 06-12-2022 08:10 AM
Hello @TBC ,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Fortinet Community Team
Hello @TBC,
Please see below replies;
> Do I need to request a separate certificate for each domain?
Yes.
>Do all domains also have to be reachable via port 80?
You may want to check Letsencrypt's article below:
1- Best Practice - Keep Port 80 Open https://letsencrypt.org/docs/allow-port-80/
2- Challenge Types - https://letsencrypt.org/docs/challenge-types/
>According to the documentation, I also have to create a CAA:
>You must have added "letsencrypt.org" in the CAA value if you have configured a CAA record at your DNS service. This allows Let's Encrypt to issue certificates for your domain name.
>Where and how should this be?
You need to create CAA record in your DNS system, not in the FortiWeb.
https://en.wikipedia.org/wiki/DNS_Certification_Authority_Authorization
Thank you.
Hello Khidzir_MN,
thank you very much for your comments!
Since we have a few domains, this procedure is quite cumbersome.
We therefore create a Wildcard certificate via one of our servers and then play them in the Fortiweb.
I have a question about this, is there a way to renew an existing Letsencrypt certificate or assign a new one to multiple server policies, for example via console or API?
Many thanks in advanced
TBC
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.