ACME client on the new FortiOS 7.0


For those using FortiGate firewalls, please be aware that FortiOS 7.0 supports ACME certs now.
You can easily get a free Lets' Encrypt certificate in a few clicks; FortiOS will do the rest. This is useful for your admin web page or your SSL portal.

How to set it up: New Features | FortiGate / FortiOS 7.0.0 | Fortinet Documentation Library

Great integration!


Great news!

A question tho @tco, although I don't know if you're affiliated with Fortinet: I assume FortiOS will automatically renew the certificate each 60 days? Because this isn't mentioned in the documentation as far as I can see. And the use of "Import" in the sentence "Import an ACME certificate in the GUI" suggests a one-time thing to me.. So I'm in doubt.

Also, can the certificate also be used for other purposes other than securing the remote administrator access to the FortiGate?

1 Like

There is a parameter called "Renew Window" when you setup the ACME client.
It is 30 days by default, See the doc file and screenshot.
SSL portal cert is the use case I have.


Ah, I seem to have missed that option!

So that's the amount of days between the expiry date and when FortiOS will start to try to renew, right?

1 Like

Hi Osiris,

It looks like this what the doc says. But I haven't seen the renewal yet mysef.


1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.