LetsEncrypt Certificate not trusted by Spohos XG Firewall

Same problem. I even tried uploading the ISRG Root X1 certificate in the CA tab. The certificates however remain untrusted. Any ideas?

BR
Chris

This should be fixed by a hotfix. See: https://support.sophos.com/support/s/article/KB-000042993?language=en_US

I already tried this. The problem persists. :/

I had the same issue on one firewall and had to regenerate my lets encrypt certificate, but this fixed my issue. 

I just tried what you said and it's not working for me. I have fresh, newly issued certificates and it's still saying: not trusted

I even re-uploaded the CA certificates from the Let's Encrypt web site. The X1 and R3 one, both valid certificates.

Can you share a screenshot of your certificate? Did you upload it with a private key? 

Hello LuCar Toni i have the same issue.

I already uploaded the new certificate for R3 but my let's encrypt certs are still not valid.

I have the same problem, Tried a fresh install of Sophos 18.5.1 MR-1, tried multiple times generate a new certificate from lets encrypt alos with new certbot instalation but no luck. I downloaded all root CA of lets encrypt en uploaded them on the sophos but still the same as above.

I used the new certification on a web server protection rule and the clients are working with a valid certificate but i can't chose this new certification on the webadmin or portal because it is not valid.

I have the same problem, Tried a fresh install of Sophos 18.5.1 MR-1, tried multiple times generate a new certificate from lets encrypt alos with new certbot instalation but no luck. I downloaded all root CA of lets encrypt en uploaded them on the sophos but still the same as above.

I used the new certification on a web server protection rule and the clients are working with a valid certificate but i can't chose this new certification on the webadmin or portal because it is not valid.

Thanks for your reply.

I have exactly the same behaviour and no workaround :(

Are you sure its not valid or it does not have a private key? 

Hi LuCar Toni, i upload my certificates as pfx with included private key. If I use the certificate in webserver protection every client works fine bit the xg said it‘s invalid and so I can‘t use it for vpn or the admininterface.

Same for me here, when i use the certifcate my webbrowser is telling me its valid and the sophos is still telling it's not.

I Tried some different combination with the chain when converting to pfx12 and also tried upload the cert.pem en private.key on the sophos without converting it to other extension but still no luck.