[HOWTO] Let's Encrypt

Hi all,

I have got a fully working Let's Encrypt setup for multiple domains of my Web Application Firewall on my Sophos UTM 9.4!

On GitHub I have written a manual on how to set it up on your UTM as well. Currently it has a few manual steps, but I might script this in the future as well.

https://github.com/rklomp/sophos-utm-letsencrypt

Comments, questions and improvements are welcome! And please leave a message if you have got it working as well.

Have fun!

René

  • Hi,

    I have been using your scripts for Let's Encrypt for some time now.

    First of all, thank you for your work. It was an almost seamless integration.

    I'm using Let's Encrypt certificates directly on the UTM for access from outside with the WAF.
    For ease of use I also use my locally hosted servers with the external DNS name (internal DNS resolution), as I don't want to have internal self-signed certificates or an internal CA published to all devices. For these services I also use Let's Encrypt certificates. For this I configured several SSH connections for the ACME challenge and site-path rules in the WAF to get the challenges to the UTM and to the servers themselves.
    It works fine, so there is no need for any complaint or probably for switching over to native Let's Encrypt in 9.6, as I don't know whether it would work this way (another question, not your problem).

    But now I have come to some questions. I'm shortly before changing my setup to an active/passive UTM HA cluster and I'm a bit confused about what I need to do so that both machines are able to regenerate my certificates regardless of which UTM is in the active state.

    So my thoughts are:

    • Certificates are automatically synchronized between the two UTMs
    • I need the script and configs on both boxes (manually, as I think they are not synchronized)

    Does anybody here have a running setup with the scripts in an HA cluster (active/passive) and could tell me what I have to think about?

    Thanks for your reply

    Carsten
