Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is: waftest2.zumis.lt
Letsencrypt configured on FortiWeb for traffic inspection. It is already nearly 3 hours and still not working. Certificate still not valid. Letsencrypt seems not working. The other domain waftest.zumis.lt seems to work but not aware how long it took to start working. This time am trying to figure out how long it takes and why. If say I need redirect any customer - I cannot wait for hours..
Let's Encrypt certificates are issued almost instantly. Any delays experienced before they "work" are almost always caused by whoever/whatever is installing the certificate.
Did you also open support ticket with Fortinet?
If so, please post the resolution of that ticket here.
I don't think LE, nor the issued cert, is causing the problem.
It seems like the "Have you restarted the web server for it to use the new cert?" type of problem.
[but only Fortinet (or you) can troubleshoot their product]
As an aside, how are the proxy clients configured to accept such an ever-changing certificate?
I sure hope they don't explicitly trust the underlying issuer - that would leave them vulnerable to millions of such trusted sources
Fortinet reply - "Seems that at the moment the Fortiweb is not sending the certificate issue to lets encrypt website The functionality under SNI is under investigation by developers and should be improved in newer versions. At the moment the propose work around to issue the certificate is the following - You need to set up the certificate with the server - Deactivate the http to https - disable the SNI - restart the proxyd diagnose system top 10 diagnose system kill 1 xxxx (xxxx proxyd ID) Restarting this process interrupts all the running session please schedule a window to do so. The process is automatically restarted but can create session interruption."