Hi All,
This morning all of a sudden some sites are not opening.
The issue is not related to the websites' certificates.
For sure it comes from the FortiGate.
Could you please help to fix it?
Same here on multiple sites.
If you create a new SSL profile under SSL/SSH Inspection and call it "no inspection 23",
turn off all the "inspect all ports" options and save it.
In your policy and objects, where cert inspection is used, swap it to your new "no inspection 23".
If you have clients needing access to sites, it works, but it is not ideal; at least until FG sorts the issue properly.
I did not have any issues today, but I recommend that you enable "Log SSL anomalies" in the SSL/SSH Inspection Profile so you will be able to analyze the log and understand why that profile is blocking access to the website.
Perhaps for some reason it is marking the certificate as Expired certificates / Revoked certificates / Validation timed-out certificates / Validation failed certificates and your profile is configured as Block.
Hi guys,
I checked Security & Profiles - SSL\SSH Inspection, and there is no option to create a new certificate.
Tried to contact FortiGate support, but was advised that the device's license has expired, so no support can be provided.
Is there any other way to fix it?
P.S. Does anyone know why it started to happen all of a sudden?
Tried to follow this article.
For example, the website is news.com.au.
I found the intermediate certificate DigiCert Global Root CA.
Trying to import.
The certificate is duplicated.
The issue has been resolved.
Maybe on FortiGate's end.
Your first screenshots indicate to me that for some reason your traffic has hit a policy that has SSL Deep Inspection turned on. Only then will the original certificate be replaced by a certificate created by the FGT using the CA in the SSL DPI Profile. That is because DPI is a man-in-the-middle. The FGT needs to decrypt the traffic to be able to have the filters check it, and then has to re-encrypt it to hand it on to the client that requested it. Since it cannot use the original cert for that (because it doesn't have the private key), it uses the CA in the profile to spawn a new cert using the original DN/subject/SAN and uses that to re-encrypt.
There is no need to create a new cert. Either remove the DPI if it is not needed/wanted, or download the CA from your FGT and install it on your client(s) as a trusted CA.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
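The two explanations above (why a client sees a different certificate under deep inspection, and which anomaly categories an inspection profile can block on) can be made concrete with a small model. The following is an added example, not code from this thread or from Fortinet: certificates, CAs, keys and dates are constructed stand-ins, and the "signature" is an HMAC over the certificate fields rather than a real X.509 signature, so the script runs offline with only the Python standard library. It shows that a re-signed certificate keeps the original subject and SANs but gets the inspection CA as issuer, that a client which does not trust that CA rejects it as untrusted while a client with the CA installed accepts it, and that an expired server certificate is reported as "expired" regardless of inspection.

```python
from dataclasses import dataclass
from datetime import date
import hashlib
import hmac


@dataclass(frozen=True)
class CA:
    """A certificate authority. `secret` stands in for the CA private key (constructed)."""
    name: str
    secret: bytes

    def sign(self, payload: bytes) -> str:
        # Toy signature: HMAC-SHA256 over the certificate fields (not real X.509 signing).
        return hmac.new(self.secret, payload, hashlib.sha256).hexdigest()


@dataclass(frozen=True)
class Cert:
    subject: str
    sans: tuple
    issuer: str
    not_after: date
    signature: str

    def payload(self) -> bytes:
        # Fields covered by the signature; the issuer name is deliberately part of them.
        return f"{self.subject}|{','.join(self.sans)}|{self.issuer}|{self.not_after.isoformat()}".encode()


def issue(ca: CA, subject: str, sans, not_after: date) -> Cert:
    """Issue a certificate for `subject` signed by `ca`."""
    unsigned = Cert(subject, tuple(sans), ca.name, not_after, "")
    return Cert(subject, tuple(sans), ca.name, not_after, ca.sign(unsigned.payload()))


def dpi_resign(original: Cert, inspection_ca: CA) -> Cert:
    """What deep inspection does on the way back to the client: keep the original
    subject, SANs and validity, but sign with the firewall's own CA, because the
    firewall does not hold the real server's private key."""
    return issue(inspection_ca, original.subject, original.sans, original.not_after)


def classify(cert: Cert, trust_store: dict, today: date) -> str:
    """Category a client (or an 'SSL anomaly' log entry) would report for `cert`.
    `trust_store` maps issuer name -> CA; in this toy model the same key verifies,
    standing in for the CA public key."""
    if cert.not_after < today:
        return "expired"
    ca = trust_store.get(cert.issuer)
    if ca is None:
        return "untrusted-issuer"
    if not hmac.compare_digest(ca.sign(cert.payload()), cert.signature):
        return "bad-signature"
    return "ok"


def looks_intercepted(expected: Cert, seen: Cert) -> bool:
    """Interception indicator: same subject and SANs as the real certificate but a
    different issuer, which is exactly the fingerprint of a re-signed certificate."""
    return (seen.subject == expected.subject and seen.sans == expected.sans
            and seen.issuer != expected.issuer)


# Constructed stand-ins; the names mirror the thread, the keys are arbitrary bytes.
PUBLIC_CA = CA("DigiCert Global Root CA (stand-in)", b"public-ca-key")
FGT_CA = CA("FortiGate inspection CA (stand-in)", b"fortigate-ca-key")
TODAY = date(2024, 6, 1)

ORIGINAL = issue(PUBLIC_CA, "news.com.au", ["news.com.au", "www.news.com.au"], date(2025, 1, 1))
RESIGNED = dpi_resign(ORIGINAL, FGT_CA)


def scenario_results() -> dict:
    """Outcomes for the situations discussed in the thread."""
    client_store = {PUBLIC_CA.name: PUBLIC_CA}
    with_fgt_ca = {**client_store, FGT_CA.name: FGT_CA}
    expired = issue(PUBLIC_CA, "old.example", ["old.example"], date(2024, 1, 1))
    return {
        "no_dpi": classify(ORIGINAL, client_store, TODAY),
        "dpi_client_lacks_fgt_ca": classify(RESIGNED, client_store, TODAY),
        "dpi_client_trusts_fgt_ca": classify(RESIGNED, with_fgt_ca, TODAY),
        "expired_server_cert": classify(expired, client_store, TODAY),
        "resigned_looks_intercepted": looks_intercepted(ORIGINAL, RESIGNED),
    }


if __name__ == "__main__":
    for name, outcome in scenario_results().items():
        print(f"{name}: {outcome}")
```

The "dpi_client_lacks_fgt_ca" case is the symptom the thread opened with; the two remediations in the reply map onto the model as either not calling `dpi_resign` at all (no deep inspection on that policy) or adding the inspection CA to the client's trust store. The `looks_intercepted` check is the quickest way to confirm which case you are in from the client side: compare the issuer of the certificate the browser shows against the issuer the site presents when fetched from outside the firewall.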
Copyright 2024 Fortinet, Inc. All Rights Reserved.