
[HOWTO] Let's Encrypt

Hi all,

I have got a fully working Let's Encrypt setup for multiple domains of my Web Application Firewall on my Sophos UTM 9.4!

On GitHub I have made a manual on how to set it up on your UTM as well. Currently it has a few manual steps to set it up, but I might script this in the future as well.

https://github.com/rklomp/sophos-utm-letsencrypt

Comments, questions and improvements are welcome! And please leave a message if you have got it working as well.

Have fun!

René



  • For some reason certbot does not wanna work for me so I'm just going to modify the script to scp the .key and .crt files directly to my Ubuntu server's cert directory.

  • SoulDragon said:

    For some reason certbot does not wanna work for me so I'm just going to modify the script to scp the .key and .crt files directly to my Ubuntu server's cert directory.

     

     
    In UTM I created a virtual webserver for HTTPS and used the certificate to pass the domain to the real webserver. The certificate is not required on the Ubuntu server. Some ISP tools, however, may require a certificate to work with, but that can be a self-signed one. UTM will pass the domain name to the Ubuntu server, but keeps the certificate active.
  • I made a script that utilizes dehydrated + DNS challenge for getting the certs via a Linux box (I use a Docker instance). This one connects via SSH, puts the files on the Sophos and cleans up after itself, so no need to install or modify anything on the Sophos really.

    https://github.com/Optic00/utm_le_updater

    It's pretty much hack'n'slay put together but works fine so far. You'll need some basic knowledge of Linux and I can't provide support, but it's fully automated and doesn't require a running webserver due to DNS (you need a DNS service with an API; I use Cloudflare).

    ---

    Sophos UTM 9.3 Certified Engineer
