The operating system my web server runs on is (include version): FortiOS 7.2
Yesterday, one of our client's Fortigate firewalls could not renew the certificate, with the comment "Error (No order for ID %idnumber%)", and Fortinet support says the issue is on the Let's Encrypt side. My question is whether anybody can help me determine whether this will happen again and/or how to prevent it. Any information is helpful, and thank you.
Sorry, I am willing to try whatever; I just didn't want to put our client's domain information here. I am a jr. engineer and am trying to understand where this issue lies. It seems to me it's the way Fortinet handles the chain of authority with Let's Encrypt. I doubt I'll be able to get Fortigate to fix this from just my support ticket.
There was a cert for that domain issued Sep 18, and it is being used for HTTPS on port 4443.
HTTPS on port 443, on the other hand, returns a self-signed Fortinet cert. Maybe that's intentional, I don't know.
The place to start is knowing what kind of ACME challenge is used - HTTP, DNS or TLS-ALPN. We can't tell that from what you've given. I'm not sure what you mean by Fortinet mis-handling the chain of authority.
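To make the HTTP-01 case concrete, here is an added example (not code from anyone in this thread, and not Fortinet's or Let's Encrypt's code) that mimics what a CA does during an HTTP-01 validation: it fetches `/.well-known/acme-challenge/<token>` from the host and checks that the body is the key authorization `token.account-thumbprint`. The token and thumbprint values are constructed for the demo, and a loopback HTTP server on an ephemeral port stands in for the firewall's port 80. The redirect rule (only redirects to ports 80 or 443 are followed) matches the published Let's Encrypt HTTP-01 behaviour and is the part that bites when a host forwards to a port such as 4443.

```python
import http.server
import threading
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Redirect targets a CA will follow during HTTP-01 (Let's Encrypt: ports 80 and 443 only).
ALLOWED_REDIRECT_PORTS = {80, 443}
CHALLENGE_PREFIX = "/.well-known/acme-challenge/"


def key_authorization(token: str, account_thumbprint: str) -> str:
    """RFC 8555 key authorization the challenge file must contain."""
    return f"{token}.{account_thumbprint}"


def redirect_target_allowed(url: str) -> bool:
    """True if a redirect to this URL would be followed by the CA (port 80/443 only)."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False
    port = parts.port or (80 if parts.scheme == "http" else 443)
    return port in ALLOWED_REDIRECT_PORTS


class StrictRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Refuse redirects to ports the CA would not follow instead of silently following them."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if not redirect_target_allowed(newurl):
            raise urllib.error.HTTPError(
                newurl, code, f"redirect to a port the CA will not follow: {newurl}", headers, fp
            )
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def validate_http01(base_url: str, token: str, account_thumbprint: str):
    """Fetch the challenge file like a CA and compare it to the expected key authorization."""
    url = f"{base_url}{CHALLENGE_PREFIX}{token}"
    opener = urllib.request.build_opener(StrictRedirectHandler())
    try:
        with opener.open(url, timeout=5) as resp:
            body = resp.read().decode("ascii", "replace").strip()
    except Exception as exc:  # connection refused, 404, disallowed redirect, ...
        return False, f"fetch failed: {exc}"
    if body != key_authorization(token, account_thumbprint):
        return False, "key authorization mismatch"
    return True, "ok"


class ChallengeHandler(http.server.BaseHTTPRequestHandler):
    """Stand-in for the host being validated: serves the challenge file, or (under
    /redirect-4443) behaves like a device that forwards HTTP to a non-standard port."""

    expected = {}  # token -> key authorization (constructed demo data)

    def do_GET(self):
        if self.path.startswith("/redirect-4443/"):
            target = "http://127.0.0.1:4443" + self.path[len("/redirect-4443"):]
            self.send_response(302)
            self.send_header("Location", target)
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        token = self.path[len(CHALLENGE_PREFIX):] if self.path.startswith(CHALLENGE_PREFIX) else None
        if token in self.expected:
            body = self.expected[token].encode("ascii")
            self.send_response(200)
            self.send_header("Content-Type", "application/octet-stream")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)
        else:
            self.send_error(404)

    def log_message(self, *args):  # keep the demo quiet
        pass


def serve_challenge(token: str, key_auth: str) -> http.server.HTTPServer:
    """Start the loopback stand-in host on an ephemeral port (caller must shutdown())."""
    ChallengeHandler.expected[token] = key_auth
    server = http.server.HTTPServer(("127.0.0.1", 0), ChallengeHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    token, thumbprint = "constructed-token", "constructed-thumbprint"
    srv = serve_challenge(token, key_authorization(token, thumbprint))
    base = f"http://127.0.0.1:{srv.server_port}"
    print("direct:", validate_http01(base, token, thumbprint))
    print("forwarded to 4443:", validate_http01(base + "/redirect-4443", token, thumbprint))
    srv.shutdown()
```

Run it and the direct fetch succeeds while the forwarded variant fails, which is the same shape of failure a device produces when it answers ACME's port-80 request with a redirect to a port such as 4443. If the firewall instead uses DNS-01 or TLS-ALPN-01, this check does not apply and the validation path is different.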
Okay, the way I understand this is that since we are redirecting our vpn.domain.com forward to a non-80 or -443 port, the cert doesn't get proper communication with Let's Encrypt, and that can cause an error with renewal? Sorry if I sound dumb; both the problem and my understanding of how certificates work are all new to me right now.