Import LetsEncrypt authority certificate to USG110

kyssling
kyssling Posts: 107  Ally Member
First Comment First Answer Friend Collector Sixth Anniversary

Hello i create and import new Lets Encrypt certificate to older USG110 firewall,
but when i try import authority certificate from https://letsencrypt.org/cs/certificates/
i have problem ...

I Can import ISRG Root X1 certificate and Let’s Encrypt R11.

But my certificate is R10.

When i try import R11 type i get message :
errno: -17018
errmsg: PKI certificate already exists.

I try reboot USG, delete R11 nothing help.

Can anybody help me with import authority R10 for LetsEncrypt ?

Very thanks

Best Answers

  • kyssling
    kyssling Posts: 107  Ally Member
    First Comment First Answer Friend Collector Sixth Anniversary
    Answer ✓

    Very thanks Zyxel for help, problem was with pfx certificate. (p12 could be imported correctly)

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,200  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @kyssling

    Yes, the certificate requires using the extra private key and should be imported as a .p12 file. This allows us to use the extension tool to modify the certificate as needed.

    I'm glad to hear that this is helpful!

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

All Replies

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,200  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @kyssling

    To assist you better, could you please provide the following information?

    1. Which certificate would you like to use for HTTPS certification?
    2. Could you share the certificate you obtained from Let's Encrypt via private message?
    3. Please also specify the requirements you would like to achieve with this certificate.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,200  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security

    Hi @kyssling

    Thank you for sharing more details and the R10/R11 certificte for us through private msg.

    To resolve the issue, you can follow the steps below:

    1. Please ensure that you import the ISRG Root X1, R10, and R11 certificates into the Trusted Certificates section. This completes the full certificate chain required.
    2. After importing those, you can then upload your purchased CA certificate into the My Certificate section.

    Currently, we’ve only received your R10 and R11 certificates. Please download and import the ISRG Root X1 certificate from the Let's Encrypt website ( https://letsencrypt.org/certificates/ ) into the Trusted Certificates section and see if the issue is resolved.

    If the issue persists, kindly provide us with your purchased certificate, including the private key, so we can further investigate.

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

  • kyssling
    kyssling Posts: 107  Ally Member
    First Comment First Answer Friend Collector Sixth Anniversary

    Unfortunately there is a problem, I will send a private message ….

  • kyssling
    kyssling Posts: 107  Ally Member
    First Comment First Answer Friend Collector Sixth Anniversary
    Answer ✓

    Very thanks Zyxel for help, problem was with pfx certificate. (p12 could be imported correctly)

  • Zyxel_Kay
    Zyxel_Kay Posts: 1,200  Zyxel Employee
    Zyxel Certified Network Engineer Level 2 - Nebula Zyxel Certified Network Engineer Level 2 - WLAN Zyxel Certified Network Engineer Level 2 - Switch Zyxel Certified Network Engineer Level 2 - Security
    Answer ✓

    Hi @kyssling

    Yes, the certificate requires using the extra private key and should be imported as a .p12 file. This allows us to use the extension tool to modify the certificate as needed.

    I'm glad to hear that this is helpful!

    Kay

    See how you've made an impact in Zyxel Community this year! https://bit.ly/Your2024Moments_Community

Security Highlight