• Lets encrypt renew fail

    EinMarco_DE
    Hi everyone, We're using the integrated Let's Encrypt feature in SFOS V21. We've noticed some strange behavior when it comes to renewing certificates. When the firewall attempts to renew the certificate, it fails with the message: "Reason for failure…
    • 4 days ago
    • Sophos Firewall
    • Discussions
  • Unable to access captive portal using Lets Encrypt certificate

    Tyler VanDorn
    Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user), 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
    • Answered
    • 5 days ago
    • Sophos Firewall
    • Discussions
  • v21 Let's Encrypt Cert creation and renewal fails when NAT Rule for HTTP/HTTPS exists

    PCPCH
    On one of our XGS firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renew a Let's Encrypt Cert. We need to disable the NAT rule, then it works to create/renew the certificate. But this can't be the…
    • 5 days ago
    • Sophos Firewall
    • Discussions
  • Question: Lets Encrypt, version SFOS 21.0.0 GA-Build169, certificate renewal

    Patrick81
    Hello everyone, over the last few days the Sophos has tried several times to renew the certificate. This failed, even though the DNS entry exists and still has the original A record. A plain ping test also confirms this, before a…
    • Answered
    • 11 days ago
    • Sophos Firewall
    • German Forum
  • Lets Encrypt failing

    Stuart James
    Getting the following error requesting Lets Encrypt certificate "type":"urn:ietf:params:acme:error:connection" "detail":"xx.xx.xx.xx: Fetching xxxxxxxxxxxx/.../mhmbdFphj1tfMCrRkrqqrp2CrgNY54ipSQeI66mcGFQ: Timeout during connect (likely…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos 21 Home Lets Encrypt Secondary Validation Fetch Timeout

    jarrod beebe
    Certificate request fails with secondary validation time out. I can see in the web server protection log viewer that the well known url is being requested with the unique value. I also briefly see that the temporary waf rule is created. Only thing to…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Lets Encrypt Chain

    EinMarco_DE
    Hello everyone, since V21 we have increasingly been using Lets Encrypt certificates on our WAF rules. In doing so we noticed that afterwards some services can no longer connect properly. When we check the corresponding logs, we find…
    • 1 month ago
    • Sophos Firewall
    • German Forum
  • Sophos XG Home V21 GA Lets Encrypt Certs not shown for Administration

    Frank Jepsen
    I successfully obtained 5 certificates from Lets Encrypt with the new V21 feature. I can use these in my web application firewall rules and they work fine. But in "Administration/Admin console and end-user interaction" only an uploaded wildcard certificate…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XG Lets Encrypt certificate

    Daniel Capek
    Hi everyone, I am having problems uploading or validating the Lets Encrypt certificates. The certificates are issued by NGINX, or rather via it. The certificates are also valid and are shown as such in the browser. Since I…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • German Forum
  • Let's Encrypt certificate renewal fails

    DeBe
    I have a problem where one of our Let's Encrypt Certificates won't renew. This certificate is used for a virtual web server with our Exchange server (OWA, activesync, etc.) as the real web server. Another certificate, used for the UTM user and admin…
    • Answered
    • 5 months ago
    • UTM Firewall
    • General Discussion
  • Let's Encrypt renewal no longer works with Country Blocking

    Jeff x
    I received the following email, this morning: The Terms of Service for Let's Encrypt have changed. Please go to WebAdmin to review and accept the new Terms of Service, otherwise you won't be able to create and renew Let's Encrypt certificates. …
    • Answered
    • 6 months ago
    • UTM Firewall
    • General Discussion
  • Update Certificates via API: Did I get it right?

    dtconnect
    In 2018, Sophos integrated Let's Encrypt with their UTM series, leaving XG(S) users anticipating a similar feature. Many, including us, have turned to API solutions due to the lack of progress which is fine. However, the XG API feels less refined compared…
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS Lets Encrypt HTTP Challenge

    Fritz Otlinghaus
    Hey everybody, as we could not find any working solution in the discussion forum that does the Lets Encrypt process on the Sophos itself, we set up a process to run the whole thing on the Sophos firewall itself. Our blog post https://blog.helsinki…
    • Answered
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • WebServer Protection Access Control vs Let's Encrypt

    Mateusz Bender
    I have a website which I DO want to have a public IP and routing, as well as a valid certificate, but which must only be accessible from internal resources. To that end I've set up Access Control, granting only certain local networks access and I though…
    • over 1 year ago
    • UTM Firewall
    • Web Server Security
  • Automate replacement of Letsencrypt SSL on Sophos SFOS?

    jang430
    I am currently using SFOS 19.5.1 MR-1-Build278. I am hosting Emby (similar to Plex, I used Plex as it is more popular) container on my Qnap NAS, being protected by WAF. I have my own domain name from Porkbun, and I was able to generate SSL (Letsencrypt…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: LetsEncrypt with Sophos Firewall and Sophos Factory

    LuCar Toni
    Update: V21.0 supports Lets Encrypt onboard: Sophos Firewall v21 Early Access Announcement. Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with…
    • over 1 year ago
    • Sophos Firewall
    • Recommended Reads
  • Upload certificates using Powershell to automate Let's encrypt

    Martin Walter
    After reading quite a lot about the lack of support for Let's encrypt and studying the various solutions other people came up with I wanted to post my solution. Over the last couple of days I wrote a script to upload a certificate to the firewall, update…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • PHP script for uploading Lets Encrypt certificate does not work

    Angel Vallvidrera
    Hi and sorry for my poor English, I'm trying to use the PHP script provided by user burton, but the script says this: CREATING TEMP CERT... <?xml version="1.0" encoding="UTF-8"?> <Response APIVersion="1800.1" IPS_CAT_VER="0"> <Login> <status>Authentication…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Lets encrypt certificate for guest portal on XG

    Regex
    AVE! I'm a home user and I was trying to test some CaptivePortal things and I know how self-signed certs work, so I decided to upload an LE cert to XG and change it in <AdminAndUserSettings>. I don't know why, but devices (phones) are still getting SSL error…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Allow LetsEncrypt without DNAT

    Carlo
    Hello, is there any way to allow LE without manually enabling firewall and NAT rules? I have a couple of web servers on the same port 443 and I would like to enable them to use LE for generating new and renewing certificates, but I'm unable to find the way.…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Let's Encrypt broken - Certificate authority

    Mike Richter
    Hi .. Just wanted to list the steps I performed to finally validate LE Cert on XG 19.0.1 MR-1-Build365. I spent over a month trying to narrow down the issue and I might have read every article in this forum to no avail. I hope this helps. The steps…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • PHP script for uploading Lets Encrypt certs is broken since 19.0 MR1

    EdmundSackbauer
    Hi, I am using this script from user burton https://community.sophos.com/sophos-xg-firewall/f/discussions/129768/letsencrypt-api-update-script---dynamically-handles-multiple-certs-multiple-rules-including-re-grouping-of-policies-rules However since…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Lets Encrypt on the SOPHOS XG OS

    mucsav1977
    Hello, I somehow can't get this working with the certificate the way it works on the UTM OS. There is also no Lets Encrypt there as there is on the UTM OS. Can anyone help me?? I would like to have an official certificate on my Sophos. It has…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG API / Lets Encrypt / PowerShell 7 / WAF Update

    nplm85
    Hopefully this can help others. I'm running the home licensed version and just recently moved to v19. I have a few WAFs that are configured externally. This script is to do the following. Renew Multiple certificates that are already configured…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Yet another report of "[WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service"

    Fahnoe
    UTM 9.710-1 Warning e-mail: [WARN-603] Let's Encrypt certificate renewal failed accessing Let's Encrypt service I've seen this problem before and solved it using the steps described in this posting by Pawan: https://community.sophos.com/utm-firewall…
    • over 2 years ago
    • UTM Firewall
    • Web Server Security