Sophos Firewall 21 daily letsencrypt request error

Apparently since the last firmware update my Sophos Home Firewall has been renewing my LetsEncrypt certificates daily, which has caused an error on LetsEncrypt's end since I am basically flooding their service. This has resulted in all of the LetsEncrypt certs not being renewed, and I have had to disable the function in order to let the clock reset.

Has anyone else had this bug?



Edited TAGs
[edited by: Erick Jan at 3:24 AM (GMT -8) on 6 Jan 2025]
  • No, that works for me. (SFOS 21)
    It is possible that a daily attempt is made if the renewal fails ... or does the renewal work?
    How many certificates are involved?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • SFOS should only try it once per day (not multiple times). We have some improvements to change the timer of this action to be on a different time of the day to spread the renewal process.
    But basically I would rather recommend to check the reason for the first fail in the logs.

    If you used the EAP to generate the LE - Please delete the certificate and create a new one. 

  • Which version are you on currently? There has been an issue where the renewal could get stuck in a loop even though the validation was successful for a domain, which would eventually cause the rate limit to trigger on the Let's Encrypt side, blocking you from using the service for a while. This should now be fixed in v21 MR1.