FortiGate ACME Certificate Renewal Causes Frequent Configuration Change Alerts

Summary

You may receive frequent (for example, hourly) configuration change alerts or tickets for a FortiGate device, even when no manual configuration changes have been made.

This behavior is commonly caused by ACME certificate renewal activity (such as Let’s Encrypt), which updates certificate-related data on the device. Auvik detects these updates as configuration changes and triggers alerts and backups.


Symptoms

  • Repeated configuration change alerts (often hourly)
  • No corresponding administrative changes made on the firewall
  • Frequent configuration backups triggered in Auvik
  • Alerts correlate with certificate renewal attempts

Why This Happens

FortiGate devices using ACME certificates automatically update:

  • Certificate metadata
  • Validation challenge data
  • Account information
  • Timestamps and renewal status

If certificate renewal is failing or retrying frequently, these updates occur repeatedly.

Auvik interprets these updates as configuration changes and:

  • Triggers configuration change alerts
  • Initiates configuration backups

How to Confirm

On the FortiGate:

  • Logs: Check Log & Report > Events for ACME/certificate activity
  • Certificates: Go to System > Certificates > Local Certificates and review renewal status and errors
  • VDOMs (if used): Check both VDOM and global contexts
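
The same question can be checked from the backup side: compare two consecutive configuration backups and see which top-level sections differ. The script below is an added example, not Auvik or Fortinet code. The sample backups are constructed and simplified, and the section names treated as certificate-related are an assumption to adjust to what your own backups show.

```python
import difflib

# Assumption: top-level sections expected to hold certificate/ACME data.
CERT_SECTIONS = ("config vpn certificate", "config system acme")

def section_of_lines(config_text):
    """Pair every line with its enclosing top-level 'config ...' section."""
    tagged, stack = [], []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line)          # nested config blocks push as well
        tagged.append((stack[0] if stack else "(top level)", line))
        if line == "end" and stack:
            stack.pop()                 # 'end' closes the innermost block
    return tagged

def changed_sections(old_text, new_text):
    """Return {top-level section: number of added or removed lines}."""
    old, new = section_of_lines(old_text), section_of_lines(new_text)
    counts = {}
    matcher = difflib.SequenceMatcher(a=old, b=new, autojunk=False)
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            continue
        for section, _ in old[i1:i2] + new[j1:j2]:
            counts[section] = counts.get(section, 0) + 1
    return counts

def only_certificate_changes(old_text, new_text):
    """True when something changed and every change is in a cert section."""
    changed = changed_sections(old_text, new_text)
    return bool(changed) and all(s.startswith(CERT_SECTIONS) for s in changed)

# Constructed, simplified backups (not real device output).
OLD_BACKUP = """config system global
    set hostname "fw-example"
end
config vpn certificate local
    edit "acme-example"
        set certificate "constructed-blob-A"
    next
end
"""
NEW_BACKUP = OLD_BACKUP.replace("constructed-blob-A", "constructed-blob-B")

if __name__ == "__main__":
    print(changed_sections(OLD_BACKUP, NEW_BACKUP))
    print("certificate-only:", only_certificate_changes(OLD_BACKUP, NEW_BACKUP))
```

If the result is not certificate-only, the alert reflects a change outside certificate data and should be reviewed as a normal configuration change.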

Common Causes

  • FQDN does not resolve to the correct public IP
  • Required ports not reachable (TCP/80 for HTTP-01)
  • NAT or missing port forwarding
  • Incorrect policies or interface settings
  • Outdated FortiOS

Resolution

  • Verify DNS – Ensure the FQDN resolves to the correct public IP
  • Check reachability – Allow required ports (e.g., TCP/80) or configure DNS-01
  • Validate policies and interfaces – Ensure required services and traffic are allowed
  • Update FortiOS – Apply the latest recommended patch
  • Recreate certificate (if needed) – Disable auto-renew, recreate the certificate, then re-enable auto-renew

Reduce Alert Noise (Temporary)

  • Lower or suppress configuration change alerts (temporarily)
  • Adjust backup frequency (for example, hourly to daily)

Validation

  • Certificate renews successfully
  • No repeated ACME errors in logs
  • Configuration change alerts return to normal

If alerts persist after successful renewal, please contact Auvik Support for further assistance.
