Please read this article to fix Web Proxy issues that come up today with some LetsEncrypt sites:
https://support.sophos.com/support/s/article/KB-000042993?language=en_US
Delete the expired CA from the CA store on the XG.
Solved our issues.
You will find the Warning in SYSTEM log, not WebProxy (strange...)
messageid="17917" log_type="Event" log_component="HTTPS" log_subtype="System" dst_ip="xxx.xxx.xxx.xxx" message="HTTPS access is denied due to invalid server certificate. Disable "Block invalid certificates" from "Web -> General Settings -> HTTPS Decryption and Scanning" to access HTTPS site '">https://xxx.xxx.xxx/'" user_agent="Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:91.0) Gecko/20100101 Firefox/91.0" status_code="403" sentbytes="0"
Would'nt this be something for proactive Hotfix installation by Sophos?
This thread was automatically locked due to age.
