This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[HOWTO] Let's Encrypt

Hi all,

I have got a fully working Let's Encrypt setup for multiple domains of my Web Application Firewall on my Sophos UTM 9.4!

On github I have made a manual on how to set it up on your UTM as well. Currently it has a few manual steps to set it up, but I might script this in the future as well.

https://github.com/rklomp/sophos-utm-letsencrypt

Comments, questions and improvements are welcome! And please leave a message if you have got it working as well.

Have fun!

René
[Donate]



This thread was automatically locked due to age.
Parents
  • Hello René,

    First of all, thank for your script and for clearly written instructions. Great work.

    Despite following it step-by-step I encountered a problem: when running the script all seems to work, the certificate can indeed by found in the indicated location but the certificate Sophos uses is not updated... it even says in the output "Updating certificate meta to object None".

    The message seems clear but I have no clue in how to fix it.

    To be complete, I had to deviate from your tutorial by removing "/root/" from SSLCONF="/root/openssl.cnf" in the "getssl.cfg" file else "openssl.cnf" was not found.

    This is the output (I replaced my actual domain by "domain.com")

    ./getssl -f domain.com
    Registering account
    Verify each domain
    Verifying domain.com
    domain.com is already validated
    Verification completed, obtaining certificate.
    Certificate saved in .getssl/domain.com/domain.com.crt
    The intermediate CA cert is in .getssl/domain.com/chain.crt
    reloading SSL services
    Writing certificate for ddomain.com to object REF_uEztNJUMGUypRE
    Updating certificate meta to object None
    Done!
    getssl: domain.com - certificate obtained but certificate on server is different from the new certificate

    Any pointers towards troubleshooting this? I double checked the reference, used the original certificate and created a dummy one to be overwritten.

    Thank you very much for your feedback.

    With best regards,

    ShadowHunter

Reply
  • Hello René,

    First of all, thank for your script and for clearly written instructions. Great work.

    Despite following it step-by-step I encountered a problem: when running the script all seems to work, the certificate can indeed by found in the indicated location but the certificate Sophos uses is not updated... it even says in the output "Updating certificate meta to object None".

    The message seems clear but I have no clue in how to fix it.

    To be complete, I had to deviate from your tutorial by removing "/root/" from SSLCONF="/root/openssl.cnf" in the "getssl.cfg" file else "openssl.cnf" was not found.

    This is the output (I replaced my actual domain by "domain.com")

    ./getssl -f domain.com
    Registering account
    Verify each domain
    Verifying domain.com
    domain.com is already validated
    Verification completed, obtaining certificate.
    Certificate saved in .getssl/domain.com/domain.com.crt
    The intermediate CA cert is in .getssl/domain.com/chain.crt
    reloading SSL services
    Writing certificate for ddomain.com to object REF_uEztNJUMGUypRE
    Updating certificate meta to object None
    Done!
    getssl: domain.com - certificate obtained but certificate on server is different from the new certificate

    Any pointers towards troubleshooting this? I double checked the reference, used the original certificate and created a dummy one to be overwritten.

    Thank you very much for your feedback.

    With best regards,

    ShadowHunter

Children