Running the latest firmware on a 80f and when I try and generate a cert using let's encrypt it works but give me a STAGING cert. I have another Fortigate (60f) that I setup like 2 weeks ago and it generates a normal one. I tried downloading the CA cert from that one and importing it in on the one that is STAGING and removing the STAGING ACME certs and it doesn't work. I still generates a STAGING cert. I know that you can specify the STAGING Cert to verify everything works before you setup a geniune one but I don't need that. Does anyone know the command to specify the cert?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello everyone,
There was a bug introduced in FortiOS 7.0.2 where generating a new ACME certificate from GUI will result in a certificate signed by Let's Encrypt staging CA.
Bug 0757130 was filed to fix the issue and the issue has been fixed in FortiOS 7.0.4 (which is yet to be released)
The workaround of the issue is to configure a certificate from CLI using the below commands as an example:
config vpn certificate local
edit "acme-test"
set enroll-protocol acme2
set acme-domain "kavin.fortiddns.com"
set acme-email "xyz@domain.com"
next
You can also find the bug mentioned in release notes:
https://docs.fortinet.com/document/fortigate/7.0.3/fortios-release-notes/236526/known-issues
I'm facing the same issue. Any solutions?
Was there a fix for this issue, I have 3 different sites now doing the same thing, only issuing from (STAGING) Let's Encrypt
Still haven't figured it out. Luckily there was not a need for me to get this working for the client. I realized that it needs to be addressed. The simple fact that there are other people that are experiencing the same things is comforting to know that I am not the only one. I wish there was a fix. Might have to submit a ticket to get it looked at and possibly a bug report. Has anyone ever had to submit a bug to FortiNet before?
Hello everyone,
There was a bug introduced in FortiOS 7.0.2 where generating a new ACME certificate from GUI will result in a certificate signed by Let's Encrypt staging CA.
Bug 0757130 was filed to fix the issue and the issue has been fixed in FortiOS 7.0.4 (which is yet to be released)
The workaround of the issue is to configure a certificate from CLI using the below commands as an example:
config vpn certificate local
edit "acme-test"
set enroll-protocol acme2
set acme-domain "kavin.fortiddns.com"
set acme-email "xyz@domain.com"
next
You can also find the bug mentioned in release notes:
https://docs.fortinet.com/document/fortigate/7.0.3/fortios-release-notes/236526/known-issues
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
446 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.