After reading quite a lot about the lack of support for Let's Encrypt and studying the various solutions other people came up with, I wanted to post my solution.
Over the last couple of days I wrote a script to upload a certificate to the firewall, update any WAF rules and optionally replace the admin portal certificate.
The sole purpose of this script is to upload a certificate, so it does not interact with Let's Encrypt at all. This makes it very flexible, as it can be integrated into any workflow.
At the moment it can look in the local certificate store or read .pfx certificate files, but I invite anybody to add support for .pem, or make other improvements.
The only requirements are PowerShell 7 and an XG user account with API access.
The script can be found on GitHub.
Here's an example use case:
Upload-Cert.ps1 "https://fw:4444//webconsole/APIController" $Credential -CertificateFriendlyName "R3" -UpdateAdminCertificate