Let's Encrypt Integration
It would be very nice if Let's Encrypt certificates (letsencrypt.org) could be generated directly from the XG GUI, so that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
Fortinet now has this and it is an immense time saver for all MSPs. Enterprise, Home, etc. It's relevant to everyone.
Signed SSL certs now require us to re-key annually due to the changes Apple/Google/etc. made to push better security. Getting LetsEncrypt on Sophos should be a huge priority to save time, allowing us to focus on other security issues.
Imagine re-keying certs for 200+ firewalls annually vs setting up LetsEncrypt once? Let's go Sophos! 5 years and 1000+ votes.
If you don't get this in place soon, we'll have to start considering other vendors for the simple principle that time is valuable.
Deliver the goods!
Waiting for years for this feature. I need to change the Sophos UTM and can't wait anymore ... Sorry: another customer leaves Sophos.
I understand that our product is primarily aimed at Enterprise businesses who would not need to make use of the Let's Encrypt service, but you are now offering this product to home users who cannot afford to purchase long term SSL certificates.
In order to allow home users to make the most of this product and to feel comfortable in recommending it, you need to offer a way of integrating Let's Encrypt services into your GUI.
I look forward to this being in a future update so I can see how well the XG handles SSL services.
I like to recommend Sophos to my colleagues and clients, but the XG firewall has not made my recommendation list yet.
I would also appreciate this Feature! Thanks!
Can you implement this in the next coming update? This is the most requested feature and you have been ignoring this for years now. We are losing customers because of this missing ****.
Our product manager is now looking for alternative products and when we decide to change our firewall system, Sophos will lose hundreds of customers....
Just evaluate XG and when reading all these comments about LE and others.
Will stay with pfSense as XG (Sophos) still did not 'get it' and still does not listen to its customers.
I really don't want to sound rude.
But don't you think this is becoming embarrassing?
The only reason I can think of that this has not been implemented after all these years is a monetary one. Meaning, someone else is telling you not to do it.
On my next tech-refresh cycle, this will be a critical item on the checklist for a new device.
Please make this happen.
It's all there. Just implement it.
Please make it happen :)
One of the worst things ever is being forced into a new product line explicitly lacking features the old one had. (Looking mostly at you, Google. >:C ) I suppose it's one thing if almost nobody uses it, but... I've never been happier than sorting by popularity and finding that this was the apparent number one request, while I'm configuring my first XG.
I employed LE on every one of my SGs. Especially useful on the ones that end-users connect to from outside, as they're either freaked out by the cert warning or else learn to automatically bypass that warning, rendering it pointless. But, I guess I'll just go back to including instructions to bypass the warning again. Until my patience wears out.
And yeah, lack of feedback from Sophos sure is frustrating. Even unhelpful responses at least show you're actually bothering to pay attention, rather than just wasting even more of our time.
Please integrate this as soon as possible!
Please ensure that it supports dns-01 challenge, and not just http-01.
Lucar Toni commented
I took some time back in the day, created a script and automated this integration with Let's Encrypt for XG Firewall.
So until this is implemented in XG Firewall, you could easily build this by yourself, if you need it.
Come on Sophos! At least do the courtesy of just giving any kind of response!!!
It starts to feel like ideas.sophos.com is just a place where people can vent their frustrations, as it seems no one from Sophos is actually reading these requests. If someone from Sophos would at least reply once in a while, it would seem like your company is somehow engaged.
But this total lack of communication is absurd! Just close down ideas.sophos.com, instead of giving customers false hope of having influence on the future products.
This is way below what any decent company should put their engaged customers through!
Either speak up, or shut it down!
I don't care, if you announce that LE is never going to happen on XG. But at least man up, and reply to the crowd. It's been **** 4 years since last official Sophos reply - how long do you need to consider this?!?
As a user that just 'upgraded' from SG to XG, I sorely miss this feature. Please implement it.
We're now 5 years on since this idea was posted, and it still hasn't been implemented. This will be one of the criteria when I look to renew/replace my XG setup next time round.
This should have been implemented years ago. Amazing. It makes you wonder if they are actually reading/acting on the ideas here, or if they just provide this as a way to express our frustrations among each other.
This feature would be incredibly helpful. There are a LOT of Let's Encrypt clients that could be modified to do this. Not sure why the legacy UTM product supports it but the XG does NOT. https://support.sophos.com/support/s/article/KB-000038399
Sophos has had this under review since April 2017. How long do you normally take to review something? I appreciate, that you are thoroughly reviewing this!
But seriously, what's taking so long??? Please either flat out state that you just don't want to do it (and we can stay on UTM, or move to another platform if we need LE), or at least give some kind of estimate on when it might be expected.
Please implement this feature as fast as possible...
We have been waiting many years; I've pushed 2 XGs because there was no need at this time for LE, and one customer was pushed to SG because of the need to use LE...
But still, 5 years after the request, it seems there is nothing in progress...
The feature request is still in "to proof" state...
Then since ??? November/December 2020 ??? the state changed...
And till today no decision?
Please implement it as fast as possible in XG.
How is this STILL not done? It's bad enough that it's not in there, but the fact that you can't even upload a new certificate and simply swap the bindings for the various services over is just beyond belief.
Is XG outsourced to one person working weekends as a little side project, because no part of this feels like the work of a multi-national SERIOUS tech company.
Get your **** together Sophos, I'm not planning on renewing any of my licensing if the situation doesn't improve soon. I'd actually get more use out of pfSense Community Edition at this rate and that's FREE.