nse8_812 Exam - Question 38


Refer to the exhibit containing the configuration snippets from the FortiGate.

Customer requirements:

SSLVPN Portal must be accessible on standard HTTPS port (TCP/443)

Public IP address (129.11.1.100) is assigned to port1

Datacenter.acmecorp.com resolves to the public IP address assigned to port1

The customer has a Let’s Encrypt certificate that is going to expire soon and reports that subsequent attempts to renew that certificate are failing.

Reviewing the requirement and the exhibit, which configuration change below will resolve this issue?

Correct Answer: AD

The configuration change needed to resolve the issue with renewing the Let’s Encrypt certificate involves ensuring that ACME requests can reach port 80. The ACME protocol requires validation of an HTTP challenge on port 80. The existing configuration might be blocking this traffic. Changing the admin port from port 80 will allow the ACME client to properly validate and renew the SSL certificate from Let’s Encrypt.

Discussion

3 comments
Viewable8041 Option: A
Sep 5, 2023

https://docs.fortinet.com/document/fortigate/7.4.1/administration-guide/822087/automatically-provision-a-certificate The redirect on port 80 will block the ACME request.

ama6 Option: B
Sep 24, 2023

Viewable804, are you sure it is A? Looks like B is correct!!

Golux Option: A
Jan 4, 2024

Correct answer A https://community.fortinet.com/t5/FortiGate/Technical-Tip-ACME-certificate-enrollment-with-SSL-VPN/ta-p/193183