Is there an approach to properly update the SSL certificates on Sophos XG (current version 18)?
I usually select my existing certificate and upload the new Let's Encrypt SSL certificate so it overwrites it.
After I refresh the web portal, I can also see that my browser shows the new valid-until date.
The big pain:
Before I can do that, I need to delete all my protected webserver rules and recreate them afterward - disabling them is not enough.
Also, I need to temporarily change the SSL VPN certificate, otherwise the new one is not being recognised.
Any ideas what might be a better approach?
There are scripts to do this for you.
I collected some script links in my initial post: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/108931/letsencrypt-how-to-in-xg
I import the new certificates with a new name "mycert2109" and switch to the new cert within WAF (... and Mail and other services).
Yeah that might be a solution. But you might forget to change one of the settings.
On Sophos UTM it was a bit easier, as there was an option to see where this SSL certificate was being used.
Thanks - that solved it -> github.com/.../le2xg.sh