Let's Encrypt renew fail

Hi everyone,

We're using the integrated Let's Encrypt feature in SFOS V21. We've noticed some strange behavior when it comes to renewing certificates.

When the firewall attempts to renew the certificate, it fails with the message: "Reason for failure: unknown network error." This issue affects all Let's Encrypt certificates on the appliance. However, when the certificate is deleted and a new one is issued, the verification works immediately. In both cases – whether renewing or issuing – the Let's Encrypt requests can be seen in the WAF log.

The Sophos Firewall has its public IP address directly on its WAN interface, so there's no provider router that could potentially block ports.

Does anyone have any tips for us?

Greetings!



Edited TAGs
[edited by: Raphael Alganes at 10:37 AM (GMT -8) on 5 Dec 2024]