Let's Encrypt Integration
It would be very nice if Let's Encrypt certificates (letsencrypt.org) could be generated directly from the XG GUI, so that the "Let's Encrypt Client" is integrated in the XG. Would it be possible?
Let's Encrypt support is in our current (2021) backlog, and we are currently planning the supporting version. No committed delivery at this time. We do understand the usefulness of the feature.
I just have a feeling the reason it is not yet implemented is because Sophos is trying to invent the wheel and create a similar service on their own...
With so many easy-to-implement ACME libraries, I'm really surprised this isn't done yet. Another year of paying for SSL on the ONE system where I can't use Let's Encrypt--Sophos XG.
Over three years on, just wondering if there is any update on this one.
Ryan Miller commented
The last roadmap I saw had Let's Encrypt in the first V19 release. I don't know if that has changed.
What is the status of this request that is over 4 years old and obviously in high demand?
Where are we at with this? SSL Certificate Management is crucially important to securing your infrastructure, and tools like Let's Encrypt make it easy to implement using PKI.
Using DNS for the ACME validation means there is no need to publish files on the XG, and with the functionality on the UTM already in existence you have visibility into working code. Partners and Customers needing to host a server to implement using scripting is not only excessive but introduces new support complications and challenges (not to mention when the new RESTFUL API is released everyone would need to recode).
With browser security changes it is also becoming more problematic to use self-signed certificates and, let's be honest, most XG customers do not have Enterprise Certificate Servers.
Let's Encrypt is an effective tool for providing valid HTTPS sessions terminating on the XG (read Admin Portal / User Portal / My Account, captive portal, SPX registration portal & reply portal).
Sophos has focused on enhancing the appliance security with v18 which is great, we need to see this functionality on the current supported appliances. Please do not push it to v18.5 or later which would rule out the vast majority of existing appliances in the field.
I was about to drop coin on an appliance - and was recommended to go XG over UTM. I am so glad I decided to load XG into a VM first. It looks like there's some great reports, but I couldn't find the Let's Encrypt....ended up here. OMG, seriously?
There's a thread in the community about scripting it....c'mon. You seriously saying 'here's our latest tech with flashy GUI interface and your perfect security appliance - but if you want to complete step one of the security set-up, back to the 90's you go to mess about with scripts or manually uploading certs.'
XG testing abandoned. Feel free to advertise when you've added this basic feature and I'll try again if I didn't buy a competitor product in the meantime.
Please add this!
What's the use of being able to vote for features, and see that 827 people say this is needed BADLY, and all Sophos does is say "we are considering this" (almost THREE YEARS AGO)?
Why do we bother to vote for requests, or create them??
Under review for 3+ years? I can no longer recommend your products to customers, too many shortcomings - XG is still not at parity with the UTM.
Where we at on this? Renewing paid certs was a pain to do every 3 years, now we're down to under 1 year. Automated Let's Encrypt renewal is becoming more crucial than ever.
Hi, as of September 1st (now) certificates now have a 1 year lifecycle. It would be great to see a timeline on Let's Encrypt for this reason.
@Alan any update?
"We’re considering this" .... 3 YEARS??????
I can't believe this feature really isn't there.
I've been an old admin since the beginning (from Astaro....), but XG is a completely dusty product.
Sophos new firmware v18 and still no Let's Encrypt.
WAF urgently needs this implementation.
Years later and this still isn't in place, especially with the massive v18 upgrade/overhaul? It's in UTM, so makes no sense that it's not in XG yet. When/how do we get updates for this?
After some years of waiting (initial test with XG was a disaster) in order to let XG "grow", I installed a VM with Sophos 18 just to find out that Let's Encrypt is not supported. Like many others, I do not understand why this feature is missing in XG.
PS: @Sophos: please update this feature request and let us know your (updated) thoughts.
If in so many years Sophos just keeps "Considering this" and no implementation, it speaks volumes on your priorities.
It is mid-2020 and not having Let's Encrypt support is a deal-breaker.