Hi,
I have HTTPS-Certificates from LetsEncrypt.com for all my subdomains. I uploaded the Certificate in the XG und used them in many Firewall-WebServer-Protection-Rules.
This Certificates expire after 90 days and I have a Script do renew them easily. When I try to upload the new Cert under same Name I will get an Error because of it exists. Wenn I choose a new Name, I can upload the new Cert with success. Now I can't delete the old one because they are in use from the Firewall-Rules. I have to edit all Roules manually and Switch to the Name of the new Certificate! After that I can delete the old one.
This is not user friendly!
I don't have the time to do this manually every 2 Months so I take a look in the API-Docs. There is the possibility, to update a Certificate. So I spent some time to get it to work with a little selfmade Java-Program, which trys to renew the Certificate under same Name but with new expire-date.
This is funny: I can add a Certificate and update it with same Name without Problems. But when it is used in a Firewall-Rule, the update-process Fails with the undocumented error Code 542. The link in the message to explain it in detail is dead.
The next step is to extract all Firewall-Rules over the API-Call, replace the Name of the Certificate in every rule and update each rule before I can drop the expired one.
This is to much time consuming. When a Firewall-rules changes, I have to observe this and at the end I rewrite the GUI of XG.
Why can't I update an existing Certificate? Do I miss something? I am not the only Person in the world, who have to renew a HTTPS-Certificate?
This thread was automatically locked due to age.