Sophos Firewall

Discussions Let's Encrypt certificate renewal

Sophos Firewall requires membership for participation - click to join

Thread Info

State Verified Answer
Locked Locked
Replies 4 replies
Subscribers 39 subscribers
Views 5657 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Let's Encrypt certificate renewal

Mathias Mühlbacher over 2 years ago

Hello everyone,

is there an approach how to propper update the SSL certificates on Sophos XG (current version 18).

I usually select my existing certificate and upload the new Let's encrypt SSL certificate so it overwrites it.

After I refresh the webportal I can also see that my browser shows the new valid-until date.

The big pain:

Before I can do that, I need to delete all my protected webserver rules and recreate them afterward - disabling them is not enought.

Also I need to temporarily change the SSL VPN certificate otherwise the new one is not being recognised.

Any ideas what might be a better approach?

This thread was automatically locked due to age.

Top Replies

LuCar Toni over 2 years ago +1 verified

There are scripts to do this for you. I collected some script links in my initial Post: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/108931/letsencrypt-how-to-in-xg

0 dirkkotte over 2 years ago

i import the new certificates with a new name "mycert2109" and switch to the new cert within WAF (... and Mail and other Services).

Dirk

Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner
Sophos Solution Partner since 2003
If a post solves your question, click the 'Verify Answer' link at this post.
Cancel
Vote Up 0 Vote Down

Cancel
0 Mathias Mühlbacher over 2 years ago in reply to dirkkotte

Servus @dirkotte

Yeah that might be a solution. But you might forget to change one of the settings.

On Sophos UTM it was a bit easier as there was on option to see where this SSL certificate was being used.
Cancel
Vote Up 0 Vote Down

Cancel
+1 LuCar Toni over 2 years ago

There are scripts to do this for you.

I collected some script links in my initial Post: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/108931/letsencrypt-how-to-in-xg

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 Mathias Mühlbacher over 2 years ago in reply to LuCar Toni

Thanks - that solved it -> github.com/.../le2xg.sh
Cancel
Vote Up 0 Vote Down

Cancel