  • Let's Encrypt renewal fails

    Hi everyone, we're using the integrated Let's Encrypt feature in SFOS V21. We've noticed some strange behavior when it comes to renewing certificates. When the firewall attempts to renew the certificate, it fails with the message: "Reason for failure…
  • Unable to access captive portal using Let's Encrypt certificate

    Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user) and 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
  • v21 Let's Encrypt cert creation and renewal fails when a NAT rule for HTTP/HTTPS exists

    On one of our XGS firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renew a Let's Encrypt cert. We need to disable the NAT rule, then creating/renewing the certificate works. But this can't be the…
  • Let's Encrypt failing

    Getting the following error when requesting a Let's Encrypt certificate: "type":"urn:ietf:params:acme:error:connection" "detail":"xx.xx.xx.xx: Fetching xxxxxxxxxxxx/.../mhmbdFphj1tfMCrRkrqqrp2CrgNY54ipSQeI66mcGFQ: Timeout during connect (likely…
  • Sophos 21 Home Let's Encrypt Secondary Validation Fetch Timeout

    Certificate request fails with a secondary validation timeout. I can see in the web server protection log viewer that the well-known URL is being requested with the unique value. I also briefly see that the temporary WAF rule is created. Only thing to…
  • Sophos XG Home V21 GA Let's Encrypt certs not shown for Administration

    I successfully obtained 5 certificates from Let's Encrypt with the new V21 feature. I can use these in my web application firewall rules and they work fine. But in "Administration/Admin console and end-user interaction" only an uploaded wildcard certificate…
  • Update Certificates via API: Did I get it right?

    In 2018, Sophos integrated Let's Encrypt with their UTM series, leaving XG(S) users anticipating a similar feature. Many, including us, have turned to API solutions due to the lack of progress which is fine. However, the XG API feels less refined compared…
  • Sophos XGS Let's Encrypt HTTP Challenge

    Hey everybody, as we could not find any working solution in the discussion forum that runs the Let's Encrypt process on the Sophos itself, we set up a process to run the whole thing on the Sophos firewall itself. Our blog post https://blog.helsinki…
  • Automate replacement of Letsencrypt SSL on Sophos SFOS?

    I am currently using SFOS 19.5.1 MR-1-Build278. I am hosting an Emby (similar to Plex; I used Plex as it is more popular) container on my QNAP NAS, protected by WAF. I have my own domain name from Porkbun, and I was able to generate SSL (Let's Encrypt…
  • Upload certificates using PowerShell to automate Let's Encrypt

    After reading quite a lot about the lack of support for Let's Encrypt and studying the various solutions other people came up with, I wanted to post my solution. Over the last couple of days I wrote a script to upload a certificate to the firewall, update…
  • PHP script for uploading Let's Encrypt certificate does not work

    Hi, and sorry for my poor English. I'm trying to use the PHP script provided by user burton, but the script says this: CREATING TEMP CERT... <?xml version="1.0" encoding="UTF-8"?> <Response APIVersion="1800.1" IPS_CAT_VER="0"> <Login> <status>Authentication…
  • Let's Encrypt certificate for guest portal on XG

    AVE! I'm a home user and I was trying to test some Captive Portal things. I know how self-signed certs work, so I decided to upload an LE cert to XG and change it in <AdminAndUserSettings>. I don't know why, but devices (phones) are still getting an SSL error…
  • Allow LetsEncrypt without DNAT

    Hello, is there any way to allow LE without manually enabling firewall and NAT rules? I have a couple of web servers on the same port 443 and I would like to enable them to use LE for generating new and renewing certificates, but I'm unable to find a way.…
  • Let's Encrypt broken - Certificate authority

    Hi.. Just wanted to list the steps I performed to finally validate an LE cert on XG 19.0.1 MR-1-Build365. I spent over a month trying to narrow down the issue and I might have read every article in this forum to no avail. I hope this helps. The steps…
  • PHP script for uploading Let's Encrypt certs is broken since 19.0 MR1

    Hi, I am using this script from user burton: https://community.sophos.com/sophos-xg-firewall/f/discussions/129768/letsencrypt-api-update-script---dynamically-handles-multiple-certs-multiple-rules-including-re-grouping-of-policies-rules However, since…
  • Let's Encrypt on the SOPHOS XG OS

    Hello, somehow I can't get this to work with the certificate the way it does on UTM OS. There's also no Let's Encrypt like there is on UTM OS. Can anyone help me?? I would like to have an official certificate on my Sophos. It has…
  • Sophos XG API / Let's Encrypt / PowerShell 7 / WAF Update

    Hopefully this can help others. I'm running the home-licensed version and just recently moved to v19. I have a few WAFs that are configured externally; this script does the following: renew multiple certificates that are already configured…
  • LetsEncrypt Certs signed by R3 Intermediate cert not Trusted by Sophos XG after reinstalling CA certs.

    Hi, I recently went through and updated some of my older LetsEncrypt certs and when I imported them they were showing up as Untrusted. The rest I had were still trusted. Unsure as to why, I removed the LetsEncrypt R3 Intermediate and the ISRG Root X1…
  • LetsEncrypt Certificate not trusted by Sophos XG Firewall

    Hi folks, I created a Let's Encrypt certificate (pfx, fullchain cert) and uploaded it to my freshly installed Sophos XG (SFOS 18.5.1 MR-1-Build326). The certificate is uploaded but shows up as untrusted (red cross). The chain of the certificate…
  • Let's encrypt certificate woes - "Certificate authority: Invalid or not installed"

    Too many cooks and something has become messy with certificates on our XG and I need some help to get this sorted. (SFOS 18.0.5 MR-5-Build586, virtual.) Trying to upload a pfx certificate generated by our certbot gives the dreaded red X. Mousing over…
  • Let's Encrypt certificate renewal

    Hello everyone, is there an approach on how to properly update the SSL certificates on Sophos XG (current version 18)? I usually select my existing certificate and upload the new Let's Encrypt SSL certificate so it overwrites it. After I refresh the…
  • Easy Home User LE Cert Renewals

    Hello all, I wanted to share my solution for easy certificate management. If you have a DNS service and a Windows machine, this may work for you. First, check out Certify The Web. This tool runs a service on your machine that manages your certificates…
  • Letsencrypt API Update Script - dynamically handles multiple certs, multiple rules, including re-grouping of policies/rules

    I wanted a way to auto-update my Let's Encrypt certificates for use on my XG firewall and WAF rules. I developed this script to handle multiple certificates and to be as dynamic as possible. The approach I took to achieve this is the following: 1) Within…
  • Automatically renew Let's Encrypt SSL certificates on XG using PowerShell

    I spent a few hours on this, so maybe my result helps someone in a similar situation. In my home lab I'm running a KEMP ADC that publishes all my SSL services. Since KEMP does not support Let's Encrypt out of the box but offers a PowerShell module for…
  • LetsEncrypt Functionality WAF

    Hello all, at the moment I use Sophos UTM and WAF with LetsEncrypt. The function in UTM runs well and is easy. In the near future I want to migrate to Sophos XG. My question is, is it planned in the near future to integrate LetsEncrypt in Sophos…