SMA 100 Let's Encrypt certificate renewal issues - How to renew it?

Tom0x00 Newbie ✭
edited July 2021 in SSL VPN

Hi everyone,

I'm having a bit of trouble with renewing the Let's Encrypt certificates on our SMA100 appliance.

It doesn't seem to autorenew as it expired today so I tried to do it manually by following the SMA100 10.2 admin guide.

I went to System > Certificates, clicked Edit next to the cert and then Renew and Submit as per the guide from here https://www.sonicwall.com/support/technical-documentation/docs/sma_100-10-2-administration_guide/Content/sma-config-system-certif-encrypt.htm/

I didn't enter any private key because we've never set one up. I asked my colleague who installed the SMA a few months back and he doesn't recall setting up the certs in the first place, so I am assuming this was automatically done when installing the SMA (could be wrong here).

When I browse to the URL of our appliance in the browser, it still serves the old certificate which expired today, instead of the new one. I tried regenerating again with a random key string I created to use as the private key and still ended up with the old cert being used. I renewed again and tried submitting with the key string from before, but ended up with strange warnings which prevented me from clicking on the submit button; the pop-up message at the top of the browser said "Warning The password is the same with the old one.." < A little ambiguous.

Am I missing something here? How should I go about renewing this certificate correctly?

Couple of screenshots for reference; the details from the new certificate show it should be valid now and expire in October. When I browse to the SMA URL I get NET::ERR_CERT_DATE_INVALID errors, and when checking the certificate in the browser it's the old one which expired today.


Any help much appreciated.

Cheers, Tom.


Comments

  • ThK Cybersecurity Overlord ✭✭✭

    @Tom0x00 Hi! I remember that HTTP must be open for the Let's Encrypt cert creation process. It could be possible that this must also be the case for the renewal process.

    I closed HTTP after that. I only have HTTPS allowed to reach the SMA from WAN.

    --Thomas

  • Tom0x00 Newbie ✭

    Hi Thomas,

    Thanks for the reply, it's now solved. Port 80 was open, but that wasn't the issue; I just needed to reboot the appliance and the changes were applied. It's now using the correct certificate.

    I think restarting the sslvpn and web services from the appliance CLI would also work, but I couldn't do it at the time as people were using the VPN, and it was quicker to just reboot the appliance early this morning before staff signed on.


    Cheers

    Tom
