SMA 100 Let's Encrypt certificate renewal issues - How to renew it?
Hi everyone,
I'm having a bit of trouble with renewing the Let's Encrypt certificates on our SMA100 appliance.
It doesn't seem to auto-renew, as it expired today, so I tried to do it manually by following the SMA100 10.2 admin guide.
I went to System > Certificates, clicked Edit next to the cert and then Renew and Submit as per the guide from here https://www.sonicwall.com/support/technical-documentation/docs/sma_100-10-2-administration_guide/Content/sma-config-system-certif-encrypt.htm/
I didn't enter any private key because we've never set one up. I asked my colleague who installed the SMA a few months back and he doesn't recall setting up the certs in the first place, so I am assuming this was automatically done when installing the SMA (could be wrong here).
When I browse to the URL of our appliance in the browser it still serves the old certificate which expired today, instead of the new one. I tried regenerating again with a random key string I created to use as the private key and still ended up with the old cert being used. I renewed again and tried submitting with the key string from before but ended up with strange warnings which prevented me from clicking on the submit button; the message pop-up at the top of the browser said "Warning The password is the same with the old one.." < A little ambiguous.
Am I missing something here? How should I go about renewing this certificate correctly?
Couple of screenshots for reference; the details from the new certificate show it should be valid now and expire in October. When I browse to the SMA URL I get NET::ERR_CERT_DATE_INVALID errors, and when checking the certificate in the browser it's the old one which expired today.
Any help much appreciated.
Cheers, Tom.
Comments
@Tom0x00 Hi! I remember that HTTP must be open for the Let's Encrypt cert creation process. It could be possible that this must also be open for the renewal process.
I closed HTTP after that. I only have HTTPS allowed to reach the SMA from WAN.
--Thomas
Hi Thomas,
Thanks for the reply, it's now solved. Port 80 was open, but that wasn't the issue. I just needed to reboot the appliance and the changes were applied; it's now using the correct certificate.
I think restarting the sslvpn and web services from the appliance CLI would also work, but I couldn't do it at the time as people were using the VPN, and it was quicker to just reboot the appliance early this morning before staff signed on.
Cheers
Tom
@Tom0x00
:-)