Letsencrypt: Auto-Update certificate?

I'm interested to know whether the UTM has built-in functionality that makes it possible for the Let's Encrypt certificates to be renewed automatically. I would expect it to have something like this. If yes, how many days before expiry is this functionality triggered? Can this functionality be shown somewhere (cron jobs on the CLI or something similar)?

  • BAlfson said:
    You could always set the clock forward two months to see what happens.

    But be warned: Whether the outcome matches reality also depends on how Let's Encrypt behaves when you try to renew a certificate too early. I think I've seen cases where Let's Encrypt didn't issue a new certificate in this case, but simply re-sent the previously created certificate.

    Also you should be aware that Let's Encrypt is protecting their service by rate limiting certain operations.

  • The description says you can use a Let's Encrypt certificate at every point, but take care that you don't use it at points like SSL VPN (remote / site-to-site). In this case the certificate will change and you have to deploy the configuration after every change.

    So be careful where you use these certificates.

    We made a how-to on using Let's Encrypt in 9.6 on our blog.

  • In fact, you should not use any publicly signed certificate for SSL RAS.

    Online Help:

    Server certificate: Select a local SSL certificate to be used by the SSL VPN server to identify itself against the clients.

    Note – Sophos UTM does not support wildcard certificates and certificates signed by an intermediate CA in the SSL VPN.
