I had configured the certificate correctly on my Fortigate 100F appliance by following the procedure on the Fortinet official website. Everything was good!
Then, to "teach" my coworkers, I deleted all the "Let's Encrypt" generated certificates on the appliance and tried to do the procedure again. It is not working anymore. I get an error every time I try. The message:
"Error (Unsuccessful in contacting ACME server at https://acme-v02.api.letsencrypt.org/directory"
But I can ping it ...
It's very possible that you're encountering a client software problem now that the old root certificate has expired (at the end of September 2021). If so, the software on your Fortigate appliance itself may need to be updated so that it accepts the new certificate.
(since the Let's Encrypt API is serving the short chain rather than the long chain), while a more likely problem is having an outdated root certificate store that doesn't include ISRG's X1 root certificate.
I don't know how much visibility or control Fortigate gives you on software updates, but you might want to look into that and ask them if there are software updates available that could bear on compatibility with ISRG's root.
Thanks for the link, but I'm not sure this will help me here.
As I said before, I didn't use it (the certificate) anywhere. It was just created and I wished to implement it on the 16th of October. So it was just on "stand by".
But now, I deleted it to do the procedure again to show and teach it to my student coworker.
Unfortunately, I'm doing the exact same procedure and it is not working anymore.
So my question is, does Let's Encrypt have a cache on their side (with the domain name or mail address, or something else) which identifies/recognizes my appliance and doesn't want it anymore? Do I have to wait some time for the cache to be flushed on the Let's Encrypt side?
I have just faced the same problem. I was doing some training last night, then after successfully getting the certificate, I deleted it, and since then I can't get a new certificate. The Fortigate log shows the same message. Have you resolved the problem?
You could try to make one rule above all others with only one specific source and only one specific destination.
Then "play" with that one rule until they can connect.