Let's encrypt - SSL certificate

245

Comments

  • User beware, about to start up a support ticket and dig into logs.  But after using certbot to manually create a PEM cert, then using openssl to convert it to a pfx and uploaded it to my remote USG40 successfully, as soon as I changed the WWW cert from default to my new one, the unit stopped processing traffic altogether. HTTP and HTTPS GUI access stopped, and I was only able to access via SSH.   After trying to apply lastgood.conf from a few days before, the unit locked up on reboot and I had to drive an hour to go manually power cycle.  In which case it reverted back to the current config with the broken traffic and HTTPS access.  I was finally able to get it back to normal by doing a "ip http secure-server cert default".  No idea what happened yet but totally ruined my Saturday lol.
  • Zyxel_Vic
    Zyxel_Vic Posts: 281  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer

    ItsPronouncedZyWhaaa

    Sorry for what you had sufferred, or can you PM me the cert you imported to see what's wrong in this cert?

  • Can someone provide me a manual about how to import a free ssl certificate into my USG60?
  • [Deleted User]
    [Deleted User] Posts: 118  Zyxel Employee
    First Anniversary Friend Collector First Answer First Comment

    dear @StevenB


    here you go 

  • Dudley_Winchester
    Dudley_Winchester Posts: 22  Freshman Member
    First Anniversary 10 Comments
    +1 for a wizard on the USG allowing easy setup with Let's encrypt.
  • Alcindo
    Alcindo Posts: 4  Freshman Member
    First Anniversary First Comment
    ZyWALL's (and any other public facing IAD) should have LetsEncrypt support as standard.
    I.e. configure the FQDN of the ZyWALL. Link it to the WAN the FQDN is is on. Enable "Use LetsEncrypt certificate", press Apply. And the ZyWALL should do all of this including the periodic renewal automatically.
    This will make easy to have any ZyWALL (with a FQDN) have a valid certificate.
    Best regards,
    Alcindo
  • +1 !!!
  • dpipro
    dpipro Posts: 64  ZCNE Certified
    First Anniversary ZCNE Switch Level 1 Certification - 2020 ZCNE Nebula Level 1 Certification - 2020 ZCNE Security Level 1 Certification - 2019
    +1 !
    Best regards