Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
This Recommended Read describes Let's Encrypt support in SFOS and how to troubleshoot it.
docs.sophos.com/.../index.html
Let’s Encrypt Certificate Support – A long-requested feature, Let's Encrypt certificate support enables the automatic deployment and renewal of certificates based on certificate signing requests (CSRs). Let’s Encrypt certificates are supported for WAF, SMTP, TLS configuration, hotspot sign-in, the web Admin console, user portal, captive portal, VPN portal, and SPX portal.
For example, you can request a new LE certificate for the domain "test.domain.com". You need to be the owner of this domain, and you need to be able to edit its DNS record. "test.domain.com" needs to point to the firewall (WAN) interface.
The firewall will try to request the certificate for "test.domain.com", and LE will reach out to the configured DNS. If this works, you will get a valid certificate, which you can use. The firewall will automatically refresh the certificate if needed, and no user interaction is required.
SFOS does not require a subscription for LE. A base license is sufficient. SFOS Home is also included.
SFOSv21.0 LE is similar to the implementation from Sophos UTM9.
SFOSv21.0 LE uses the HTTP challenge (https://letsencrypt.org/docs/challenge-types/). Hence, wildcard certificates aren't supported.
SFOSv21.0 LE certificates and private keys can't be pulled from SFOS and used on other devices. To use LE on other devices, you must look into a DNS challenge with a tool like Lego or Certbot. SFOS only offers to download the public certificate, in case your device does not trust LE.
Kindly read the LE documentation first: https://letsencrypt.org/how-it-works/
SFOS will perform the following steps:
Let's Encrypt has its own log on the firewall. You can access it via the CLI or download the log via Diagnostic.
Errors are also shown in front of the certificate on mouse-over, indicating the next steps.
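A pre-flight check for the HTTP challenge requirements described above (no wildcard names, and the domain must point to the firewall WAN interface), as an added example that is not Sophos code. The function names `resolve` and `preflight` are hypothetical. It assumes the firewall has a single public WAN address and that every address the name resolves to, A or AAAA, must be that address; the sample data is constructed.

```python
import ipaddress
import socket

# RFC 1918 ranges: not reachable from the Let's Encrypt validation servers.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(domain):
    """Return every address (A and AAAA) the local resolver gives for the name."""
    infos = socket.getaddrinfo(domain, 80, proto=socket.IPPROTO_TCP)
    return {info[4][0] for info in infos}

def preflight(domain, wan_ips, resolver=resolve):
    """Return a list of problems; an empty list means the checks passed."""
    name = domain.strip().rstrip(".").lower()
    if name.startswith("*."):
        return [f"{name}: wildcard names cannot be validated with the HTTP challenge"]
    wan = {ipaddress.ip_address(ip) for ip in wan_ips}
    try:
        resolved = {ipaddress.ip_address(a) for a in resolver(name)}
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return [f"{name}: does not resolve ({exc})"]
    problems = []
    for addr in sorted(resolved, key=str):
        record = "AAAA" if addr.version == 6 else "A"
        # Assumption: any address that is not the WAN address is a misconfiguration.
        if addr not in wan:
            problems.append(f"{record} {addr}: does not point to the firewall WAN interface")
        if addr.version == 4 and any(addr in net for net in RFC1918):
            problems.append(f"{record} {addr}: private address, unreachable from the internet")
    if not resolved:
        problems.append(f"{name}: no A or AAAA record found")
    return problems

if __name__ == "__main__":
    # Constructed sample data (documentation address ranges), no network access needed.
    fake_dns = {"test.domain.com": {"203.0.113.10", "2001:db8::53"}}
    for host in ("test.domain.com", "*.domain.com"):
        for line in preflight(host, ["203.0.113.10"], resolver=lambda n: fake_dns[n]) or ["ok"]:
            print(host, "->", line)
```

Run it from a host that uses public DNS; an internal resolver with split DNS can return different records than the ones Let's Encrypt sees.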