Hi,
in the announcement of 9.5 there is a part about native support for Let's Encrypt directly in the interface. Is it available under the hood and can we activate it already, or do we have to wait for one of the next Up2Date packages?
kind regards
Alex
Last I heard, it wasn't going to make it to 9.5.
:-(
It is the thing I need most in Sophos UTM.
James.
Unfortunately we couldn't get Let's Encrypt into 9.5, but it is on our roadmap and something we want to add for sure.
For now, we are considering Let's Encrypt mainly for WAF.
Do you want to use Let's Encrypt with WAF, or something else?
Yes we have looked at their implementation, but the challenge is the UTM may not be in charge of the DNS infrastructure either.
The issue isn't about the ACME protocol, but is about how to prove ownership of the domain when WAF isn't being used.
I'd be happy to just have it for WAF. WebAdmin is optional I guess, it's not such a "public" accessed site.
---
Sophos UTM 9.3 Certified Engineer
I know, but it doesn't change the fact that you could let us do the challenge by DNS using a manual TXT record or by automating it with an API key from one of the bigger DNS providers (if the domain is hosted by them).
Sophos UTM 9.3 Certified Engineer
Sophos UTM 9.3 Certified Architect
Sophos XG v.15 Certified Engineer
Sophos XG v.17 Certified Engineer
Sophos XG v.17 Certified Architect
I automated it with a cron job script on a Linux box; it uses the API of Cloudflare. Maybe you want to have a look as a temporary solution? I'll PM you details if wanted.
I have the exact same setup :) I'm just wondering why they can't give us more options when others can
Hi Kenneth,
You might check in Ideas to see if there's already such a suggestion or make one there and then come back here and share a link to it. Griping here is a waste of energy.
Cheers - Bob
I've already voted!
Thanks for the suggestion Bob.
You can use DNS and not have it have control of DNS. It just takes a few extra steps on the end user. I have several servers that I have to do this with and all I have to do is add the required update to my DNS server and wait a few minutes for it to populate. Once that is done, I am able to have the certificates issued. This might be one way to implement it for all areas of the UTM.
This is just my 2 cents.
Thanks,
Eddie
During the registration with Let's Encrypt, you have to prove you own the domain in question by placing a special file in a specific (externally visible) location. The challenge is, if you're not using WAF, how will the UTM automatically expose this file externally to complete the Let's Encrypt registration?
I think you misunderstood what is meant by "domain" for Let's Encrypt: you do not have to prove for the root domain, you need to prove for each subdomain (also known as a host), so using Let's Encrypt for utm.domain.com does not require access to wherever the "naked" domain domain.com is served.
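To make concrete what the "special file" and the DNS TXT record discussed above actually contain, here is an added Python example (not code from Sophos or anyone in this thread) that derives both the HTTP-01 and the DNS-01 challenge responses from an ACME account key as RFC 8555 specifies. The account key coordinates, token and host name are constructed placeholders.

```python
import base64
import hashlib
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, the encoding ACME (RFC 8555) uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over the required members only,
    keys sorted lexicographically, no whitespace. Extra members are ignored."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, jwk: dict) -> str:
    """token '.' thumbprint: binds the challenge to this ACME account key,
    so a response cannot be replayed for another account."""
    return f"{token}.{jwk_thumbprint(jwk)}"


def http01_response(token: str, jwk: dict) -> tuple:
    """HTTP-01: the path the CA fetches over port 80 and the body it expects."""
    return (f"/.well-known/acme-challenge/{token}", key_authorization(token, jwk))


def dns01_txt_value(token: str, jwk: dict) -> str:
    """DNS-01: the TXT value to publish at _acme-challenge.<host>."""
    digest = hashlib.sha256(key_authorization(token, jwk).encode("ascii")).digest()
    return b64url(digest)


def verify_dns01(observed_txt_values, token: str, jwk: dict) -> bool:
    """Mirror of the CA's check: the expected value must be among the TXT
    records seen; stale values from an earlier run are not accepted."""
    return dns01_txt_value(token, jwk) in set(observed_txt_values)


# Constructed placeholder account key and token (not a real key).
ACCOUNT_JWK = {"kty": "EC", "crv": "P-256",
               "x": "placeholder-x-coordinate-base64url",
               "y": "placeholder-y-coordinate-base64url",
               "kid": "ignored-by-thumbprint"}
TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

if __name__ == "__main__":
    path, body = http01_response(TOKEN, ACCOUNT_JWK)
    print("HTTP-01: GET http://utm.domain.com" + path, "->", body)
    print("DNS-01 : _acme-challenge.utm.domain.com TXT", dns01_txt_value(TOKEN, ACCOUNT_JWK))
```

Only the host being validated (utm.domain.com) needs the file or the _acme-challenge TXT record; the zone's apex is untouched, which is the point made in the post above.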