With the hints given from @RomanMD I've managed to get it to work with LetsEncrypt. I used the command sudo certbot certonly --manual --preferred-challenges dns --csr MX-Anyconnect.csr -d <A record to Meraki MX> where MX-Anyconnect.csr is the Signing Request generated from Meraki Dashboard. This yields a Challenge that needs to be configured on a TXT record via your own DNS Admin Portal. After successfully verifying this DNS challenge, three files are created: 0000_cert.pem - Device Certificate 0000_chain.pem - Chain Certificate 0001_chain.pem - Full Chain with Device Certificate However, Certbot creates the certificates with the invalid Root Cert, as pointed out by @RomanMD. So after replacing the invalid Root Cert with isrgrootx1.pem, the Meraki Dashboard accepted the device and chain certificate. Tested with Cisco Secure Connect Client, and not getting any certificate errors. 🙂 Kudos and thanks to @RomanMD with hinting towards the invalid Root Cert 🙂
... View more