Please read this article to fix Web Proxy issues that came up today with some LetsEncrypt sites:
Delete the expired CA from the CA store on the XG.
Solved our issues.
You will find the Warning in SYSTEM log, not WebProxy (strange...)
messageid="17917" log_type="Event" log_component="HTTPS" log_subtype="System" dst_ip="xxx.xxx.xxx.xxx" message="HTTPS access is denied due to invalid server certificate. Disable "Block invalid certificates" from "Web -> General Settings -> HTTPS Decryption and Scanning" to access HTTPS site 'https://xxx.xxx.xxx/'" user_agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" status_code="403" sentbytes="0"
Wouldn't this be something for proactive Hotfix installation by Sophos?
Hotfixes are not easy nor quick to develop as they require many Q&A processes to be involved. Also HF will mess up build numbers and backup/restore process etc. Therefore this is not a good solution for such a change.
You could remove this CA by using Central Management. Simply remove the DST CA in your group and the Change will be pushed to all firewalls.
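An added example, not part of the thread and not Sophos code: a small parser for exported SYSTEM log lines in the key="value" layout quoted above, which counts the sites the proxy denied for an invalid server certificate so you can confirm the count drops after the expired CA is removed. The hostnames, IP addresses, the second event and the function names are constructed for illustration; note that the `message` field contains unescaped double quotes, which a naive split on `"` gets wrong.

```python
import re
from collections import Counter

# A key starts at the beginning of the line or right after a closing quote + space.
KEY_START = re.compile(r'(?:^|(?<=" ))([a-z_]+)="')

def parse_event(line):
    """Split one log line into fields, tolerating bare quotes inside a value."""
    line = line.strip()
    starts = list(KEY_START.finditer(line))
    fields = {}
    for i, m in enumerate(starts):
        end = starts[i + 1].start() if i + 1 < len(starts) else len(line)
        raw = line[m.end():end].rstrip()
        fields[m.group(1)] = raw[:-1] if raw.endswith('"') else raw
    return fields

def cert_denials(lines):
    """Count HTTPS 403 denials caused by an invalid server certificate, per site."""
    hits = Counter()
    for line in lines:
        ev = parse_event(line)
        msg = ev.get("message", "")
        if (ev.get("log_component") == "HTTPS" and ev.get("status_code") == "403"
                and "invalid server certificate" in msg):
            site = re.search(r"HTTPS site '([^']*)'", msg)
            hits[site.group(1) if site else ev.get("dst_ip", "unknown")] += 1
    return hits

# Constructed sample lines modelled on the event quoted in the thread.
TEMPLATE = ('messageid="17917" log_type="Event" log_component="HTTPS" log_subtype="System" '
            'dst_ip="{ip}" message="HTTPS access is denied due to invalid server certificate. '
            'Disable "Block invalid certificates" from "Web -> General Settings -> HTTPS '
            'Decryption and Scanning" to access HTTPS site \'{url}\'" '
            'user_agent="Mozilla/5.0" status_code="403" sentbytes="0"')
SAMPLE = [
    TEMPLATE.format(ip="192.0.2.10", url="https://site-a.example/"),
    TEMPLATE.format(ip="192.0.2.10", url="https://site-a.example/"),
    TEMPLATE.format(ip="192.0.2.20", url="https://site-b.example/"),
    # Constructed unrelated event that must not be counted.
    'messageid="00000" log_type="Event" log_component="GUI" message="constructed entry"',
]

if __name__ == "__main__":
    for site, count in cert_denials(SAMPLE).most_common():
        print(f"{count:4d}  {site}")
```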