Request certificates for firewalls

My domain is: un1teee.com and sepidehyeoh.com

I’d like to use certbot to request SSL certificates for Fortigate firewalls for the various domains that I manage (instead of the web sites). Is there a way to automate the generation and renewal of the certificates for multiple domains from one computer (Mac)? Each firewall can have an A record in DNS.

Thank you. Stephen

Does Fortigate provide some kind of HTTP API or programmatic interface to install domain certificates?

For the automated issuance and renewal of certificates from your Mac, I would suggest using DNS validation with an ACME client that supports Cloudflare, such as: https://github.com/acmesh-official/acme.sh/wiki/dnsapi#1-cloudflare-option . You can potentially use Certbot too, I’m just not sure how easy it is to install certbot-dns-cloudflare via Homebrew.

However, you still need to automate the bit where you deploy the certificate to the Fortigate device. To do this, you would write a “deploy hook” (basically a shell script) which performs the commands to upload the certificate to the firewall. You can find some examples here: https://github.com/acmesh-official/acme.sh/wiki/deployhooks and see how they are implemented here: https://github.com/acmesh-official/acme.sh/tree/master/deploy .

There’s a deploy hook there for Palo Alto firewalls, perhaps you can base a Fortigate one on that.

And again, you could potentially do the same in Certbot, which also has its own “deploy hooks”.
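A sketch of what such a Certbot deploy hook can look like, added here as an illustration (it is not from this thread, Certbot or acme.sh). The firewall hostnames and the upload_to_fortigate function are assumptions, since the real upload step depends on the firewall's own interface; the hook only uploads when the renewed certificate is for a firewall and the key and certificate actually belong together.

```shell
#!/bin/sh
# Example Certbot deploy hook for a firewall certificate (added illustration).
# Certbot runs --deploy-hook scripts with RENEWED_LINEAGE (directory holding
# fullchain.pem and privkey.pem) and RENEWED_DOMAINS (space-separated names) set.
set -eu

# Assumed A-record names of the managed firewalls (constructed sample values).
FIREWALL_HOSTS="${FIREWALL_HOSTS:-fw1.un1teee.com fw1.sepidehyeoh.com}"

# Return 0 if any renewed name ($1, space separated) is a firewall hostname,
# so a renewal for an ordinary web site never touches a firewall.
lineage_matches_firewall() {
  for name in $1; do
    for fw in $FIREWALL_HOSTS; do
      [ "$name" = "$fw" ] && return 0
    done
  done
  return 1
}

# Return 0 if the private key ($2) belongs to the certificate ($1); uploading a
# mismatched pair would take the firewall's admin interface offline.
keypair_matches() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey)
  key_pub=$(openssl pkey -in "$2" -pubout)
  [ "$cert_pub" = "$key_pub" ]
}

# Hypothetical placeholder for the firewall-specific upload step; replace with
# the commands your firewall accepts. It only reports what it would send.
upload_to_fortigate() {
  echo "would upload $1 and $2 for $3"
}

deploy() {
  lineage="${RENEWED_LINEAGE:?set by certbot}"
  domains="${RENEWED_DOMAINS:?set by certbot}"
  lineage_matches_firewall "$domains" || { echo "not a firewall cert, skipping"; return 0; }
  keypair_matches "$lineage/fullchain.pem" "$lineage/privkey.pem" \
    || { echo "key/cert mismatch, refusing to deploy" >&2; return 1; }
  upload_to_fortigate "$lineage/fullchain.pem" "$lineage/privkey.pem" "$domains"
}

# Run only when invoked by certbot; sourcing the file leaves deploy unrun.
if [ -n "${RENEWED_LINEAGE:-}" ]; then deploy; fi
```

Register it with `certbot renew --deploy-hook /path/to/this-script.sh`, or put it in Certbot's renewal-hooks/deploy directory so it runs after every successful renewal.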


Thanks. I’ll investigate further.
