
How to Create a Let’s Encrypt Certificate on Sophos UTM 9

In Sophos UTM 9 version 9.6x, Sophos have included the ability to create free SSL certificates using Let’s Encrypt to protect web servers, the web admin and other services. This is awesome news!

To get started creating a Let’s Encrypt certificate on your Sophos UTM 9, you’ll need the following:

  • Your Sophos UTM 9 updated to version 9.6x
  • A public subdomain with DNS pointing to your external IP address
    • example: www.utm.yourdomain.com.au
  • An ISP that allows TCP port 80 inbound

Let’s get started!

Enabling Let’s Encrypt Certificates on Sophos UTM 9

  1. Log in to the WebAdmin of your firewall. By default, it is: https://192.168.1.1:4444
  2. Expand WEB SERVER PROTECTION
  3. Click on CERTIFICATE MANAGEMENT
  4. Click on the ADVANCED tab
  5. Select Allow Let’s Encrypt certificates

Generate a new Let’s Encrypt Certificate on Sophos UTM 9

  1. Click on the CERTIFICATES tab
  2. Click on NEW CERTIFICATE
  3. Enter a NAME for the certificate so you can easily identify it
  4. Select LET’S ENCRYPT for the METHOD
  5. Select EXTERNAL (WAN) (ADDRESS) for the INTERFACE
  6. Click + to add your domain name
  7. Type in your fully qualified domain name (FQDN)
  8. Click SAVE
  9. Give your UTM a few minutes and it should create a new certificate from Let’s Encrypt

INFORMATION!

Wildcard Let’s Encrypt certificates are not supported by the Sophos UTM at the time of this publication.

If your certificate was successful, you should see a green icon next to the certificate.

If it fails, you’ll see a yellow alert icon next to the certificate.
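When the certificate shows the yellow alert icon, the prerequisites from the top of this article are the first thing to re-check. The Python script below is an added example, not part of the original article or of Sophos tooling; it checks the wildcard restriction, that the external IP is publicly routable, that the FQDN resolves only to that IP, and that TCP port 80 answers. The function names are hypothetical, and it assumes something on the UTM answers on port 80 at the time you run it.

```python
import ipaddress
import socket
import sys


def resolve_ipv4(fqdn):
    """Return the sorted IPv4 addresses that the name resolves to."""
    infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def port_open(host, port=80, timeout=5.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def preflight(fqdn, wan_ip, resolver=resolve_ipv4, probe=port_open):
    """Return a list of problems; an empty list means the prerequisites look met."""
    if fqdn.startswith("*."):
        # The article notes that the UTM does not support wildcard certificates.
        return [f"{fqdn}: wildcard names are not supported by the UTM"]
    problems = []
    # Private and carrier-grade NAT (100.64.0.0/10) addresses are not global,
    # so a validation request from the internet cannot reach them.
    if not ipaddress.ip_address(wan_ip).is_global:
        problems.append(f"{wan_ip} is not a publicly routable address")
    try:
        resolved = resolver(fqdn)
    except socket.gaierror as exc:
        return problems + [f"{fqdn} does not resolve: {exc}"]
    if resolved != [wan_ip]:
        problems.append(f"{fqdn} resolves to {resolved}, expected only {wan_ip}")
    # Run from outside your own network; a failure is a prompt to check the
    # ISP and firewall, not proof of a block.
    if not probe(wan_ip, 80):
        problems.append(f"TCP port 80 on {wan_ip} did not accept a connection")
    return problems


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: preflight.py <fqdn> <external-ip>")
    found = preflight(sys.argv[1], sys.argv[2])
    for line in found:
        print("PROBLEM:", line)
    sys.exit(1 if found else 0)
```

Run it from a host outside your own network, passing the FQDN and the external IP shown on the UTM's WAN interface; the port 80 result from inside the LAN says nothing about what your ISP allows inbound.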

Using Let’s Encrypt SSL certificate for Web Admin on the Sophos UTM 9

We can use your newly generated Let’s Encrypt certificate for your Sophos UTM 9 web admin.

  1. Click on MANAGEMENT.
  2. Click on WEBADMIN SETTINGS.
  3. Click on the HTTPS CERTIFICATE tab.
  4. Under “Choose WebAdmin/User Portal Certificate” select the certificate you created.
  5. Click APPLY

I hope this article has helped you set up a Let’s Encrypt certificate on your Sophos UTM 9. If you’re on Aussie Broadband and can’t generate certificates, see the solution.
