Hi,
In the announcement of 9.5 there is a part about native support for Let's Encrypt directly in the interface. Is it available under the hood, and can we activate it already, or do we have to wait for one of the next Up2Date packages?
Kind regards
Alex
Last I heard, it wasn't going to make it to 9.5.
:-(
It is the thing I need most in Sophos UTM.
James.
Unfortunately we couldn't get Let's Encrypt into 9.5, but it is on our roadmap and something we want to add for sure.
For now, we are considering Let's Encrypt mainly for WAF.
Do you want to use Let's Encrypt with WAF, or something else?
Let's Encrypt uses the ACME protocol, and you can also use DNS as a method of verifying ownership of the domain, so please make that an option as well. The pfSense team has an ACME package and it's really easy to set up. So please use them as inspiration for your own implementation.
Sophos UTM 9.3 Certified Engineer
Sophos UTM 9.3 Certified Architect
Sophos XG v.15 Certified Engineer
Sophos XG v.17 Certified Engineer
Sophos XG v.17 Certified Architect
Yes, we have looked at their implementation, but the challenge is that the UTM may not be in charge of the DNS infrastructure either.
The issue isn't the ACME protocol, but how to prove ownership of the domain when WAF isn't being used.
I'd be happy to just have it for WAF. WebAdmin is optional, I guess; it's not such a publicly accessed site.
---
Sophos UTM 9.3 Certified Engineer
I know, but it doesn't change the fact that you could let us do the challenge by DNS, using a manual TXT record or by automating it with an API key from one of the bigger DNS providers (if the domain is hosted by them).
Sophos UTM 9.3 Certified Engineer
Sophos UTM 9.3 Certified Architect
Sophos XG v.15 Certified Engineer
Sophos XG v.17 Certified Engineer
Sophos XG v.17 Certified Architect
I automated it with a cronjob script on a Linux box; it uses the Cloudflare API. Maybe you want to have a look at it as a temporary solution? I'll PM you the details if wanted.
---
Sophos UTM 9.3 Certified Engineer
I have the exact same setup :) I'm just wondering why they can't give us more options when others can.
Sophos UTM 9.3 Certified Engineer
Sophos UTM 9.3 Certified Architect
Sophos XG v.15 Certified Engineer
Sophos XG v.17 Certified Engineer
Sophos XG v.17 Certified Architect
Hi Kenneth,
You might check in Ideas to see if there's already such a suggestion or make one there and then come back here and share a link to it. Griping here is a waste of energy.
Cheers - Bob
I've already voted!
Thanks for the suggestion Bob.
You can use DNS without the UTM having control of DNS. It just takes a few extra steps for the end user. I have several servers that I have to do this with, and all I have to do is add the required record to my DNS server and wait a few minutes for it to propagate. Once that is done, I am able to have the certificates issued. This might be one way to implement it for all areas of the UTM.
This is just my 2 cents.
Thanks,
Eddie
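What the two challenge types discussed in this thread actually require of the firewall, as an added example in Python. This is not code from the thread, from Sophos or from the pfSense ACME package; it follows RFC 8555 (ACME) and RFC 7638 (JWK thumbprint). The account key, the challenge token and the hostname are constructed for illustration. HTTP-01 only works if the CA can reach the device on port 80 as the validated hostname (the WAF case); DNS-01 needs nothing more than one TXT record, which is why it works for a UTM that is not authoritative for the zone.

```python
"""ACME challenge material for a hypothetical UTM host (RFC 8555 / RFC 7638)."""
import base64
import hashlib
import json

# Only these members participate in the RFC 7638 thumbprint; "alg", "kid",
# "use" etc. are excluded so that two encodings of the same key agree.
_THUMBPRINT_MEMBERS = {
    "RSA": ("e", "kty", "n"),
    "EC": ("crv", "kty", "x", "y"),
    "OKP": ("crv", "kty", "x"),
}


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME uses everywhere."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638: SHA-256 over the compact, lexicographically ordered JSON
    of the required members of the public key."""
    members = {k: jwk[k] for k in _THUMBPRINT_MEMBERS[jwk["kty"]]}
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """token.thumbprint: ties the CA-issued token to our ACME account key."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_response(token: str, account_jwk: dict) -> tuple[str, str]:
    """HTTP-01: the CA fetches this path over plain HTTP on the hostname being
    validated, so the device must answer for that name (WAF / reverse proxy)."""
    path = f"/.well-known/acme-challenge/{token}"
    return path, key_authorization(token, account_jwk)


def dns01_record(domain: str, token: str, account_jwk: dict) -> tuple[str, str]:
    """DNS-01: publish base64url(SHA-256(key authorization)) as a TXT record at
    _acme-challenge.<domain>; the device itself serves nothing."""
    name = f"_acme-challenge.{domain.rstrip('.')}"
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return name, b64url(digest)


def dns01_satisfied(txt_answers: list[str], expected_value: str) -> bool:
    """CA-side check: any TXT RDATA at the name must equal the expected value.
    Other TXT records (SPF, leftovers from earlier runs) may coexist."""
    return any(answer.strip('"') == expected_value for answer in txt_answers)


# Constructed sample input: public part of a fake RSA account key (the modulus
# is random base64url, not a real key), a made-up token and a made-up hostname.
SAMPLE_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "sXchDaQebHnPiGvyDOAT4saGEUetSyo9MKLOoWFsueri23bOdgWp4Dy1WlUzewbgBHod5pcM9kDq-XN5vC5-ruW1yk6hyaK1W6ASt5jMp6bA8xuNbUwEgnnMTTcGvSs0N3agbk5nbSv3n0DiwPcQq6Gq06ju3aOSHFGJPj7ZAB8",
    "alg": "RS256",
    "kid": "https://acme.example/acct/1",
}
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
SAMPLE_DOMAIN = "vpn.example.com"

if __name__ == "__main__":
    name, value = dns01_record(SAMPLE_DOMAIN, SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"publish TXT {name} -> {value}")
    # Constructed resolver reply: an unrelated SPF record plus our challenge record.
    answers = ['"v=spf1 -all"', f'"{value}"']
    print("CA check passes:", dns01_satisfied(answers, value))
    path, body = http01_response(SAMPLE_TOKEN, SAMPLE_JWK)
    print(f"HTTP-01 would instead need {SAMPLE_DOMAIN}{path} to serve: {body}")
```

The TXT value is always 43 base64url characters. A manual workflow (as described in the thread) is: run the client, publish the printed record at the DNS provider, wait for propagation, then tell the client to continue; an automated one replaces the publishing step with the provider's API. Because the value is derived from the account key, a record published for one ACME account cannot be reused by another.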