Let's encrypt - SSL certificate

24

Comments

  • User beware, about to start up a support ticket and dig into logs.  But after using certbot to manually create a PEM cert, then using openssl to convert it to a pfx and uploaded it to my remote USG40 successfully, as soon as I changed the WWW cert from default to my new one, the unit stopped processing traffic altogether. HTTP and HTTPS GUI access stopped, and I was only able to access via SSH.   After trying to apply lastgood.conf from a few days before, the unit locked up on reboot and I had to drive an hour to go manually power cycle.  In which case it reverted back to the current config with the broken traffic and HTTPS access.  I was finally able to get it back to normal by doing a "ip http secure-server cert default".  No idea what happened yet but totally ruined my Saturday lol.
  • Zyxel_Vic
    Zyxel_Vic Posts: 260  Zyxel Employee

    ItsPronouncedZyWhaaa

    Sorry for what you had sufferred, or can you PM me the cert you imported to see what's wrong in this cert?

  • Can someone provide me a manual about how to import a free ssl certificate into my USG60?
  • Mark_Zyxel
    Mark_Zyxel Posts: 118  Zyxel Employee

    dear @StevenB


    here you go 

    👾

  • Dudley_Winchester
    Dudley_Winchester Posts: 21  Freshman Member
    +1 for a wizard on the USG allowing easy setup with Let's encrypt.
  • Alcindo
    Alcindo Posts: 4  Freshman Member
    ZyWALL's (and any other public facing IAD) should have LetsEncrypt support as standard.
    I.e. configure the FQDN of the ZyWALL. Link it to the WAN the FQDN is is on. Enable "Use LetsEncrypt certificate", press Apply. And the ZyWALL should do all of this including the periodic renewal automatically.
    This will make easy to have any ZyWALL (with a FQDN) have a valid certificate.
    Best regards,
    Alcindo
  • +1 !!!
  • dpipro
    dpipro Posts: 54  ZCNE Certified
    +1 !
    Best regards