The solution is to change the clock back before Jan 11, 2020 so the ProxySG will think the certificate is still valid, and then upgrade to SGOS 6.7.4.3. Once the box is at 6.7.4.3, the box can be upgraded to its final destination. After upgrading successfully, set the clock back.

Instruction from the GUI:

To set the clock back a year:

• From Management Console, navigate to Configuration > General > Clock.
• If NTP is enabled, disable it by unchecking the Enable NTP box, and hit Apply. The Current Time boxes should no longer be grayed out.
• Change the year under current time back a year, and hit Apply.
  
  

To upgrade the ProxySG from a local file:

• Download the 6.7.4.3 image off of the Broadcom Website.
• From Management Console, navigate to Maintenance > Upgrade > Upgrade.
• Click Upload the system image from local file. A new tab will appear.
• On the new tab, click Browse and navigate to where the 6.7.4.3 image is on your machine, and click Open.
• The file path will now appear under Uploaded File. Click Install. 
• The file will begin to install. Depending on the connection between the client machine and the ProxySG, this can take over 10 minutes.
• Once completed, the tab will display System image installation - Success. Click Close.
• From Management Console, under Maintenance > Upgrade > Upgrade, click Restart the default system.
  
  

To upgrade the ProxySG from a URL:

As the clock is set back, TLS connections will fail. Any URL will need to be HTTP, and not HTTPS. There are still some situations in which upgrading by URL will not work, and so please upgrade via local file if the following does not work for you.

• Retrieve the 6.7.4.3 image download URL from the Broadcom Support Portal. (Instructions on finding the download URL of an image can be found here)
• From Management Console, navigate to Maintenance > Upgrade > Upgrade.
• Paste the URL in the text box, and change "https" to "http"
• Click Download.
• Once completed,the following message will display under the text box: Download Successful. The new system is now the default system. 
• From Management Console, under Maintenance > Upgrade > Upgrade, click Restart the default system.

Once the box is back up, follow the same process for the version of SGOS you are upgrading to. Once you are on your final version, follow the instructions on changing the clock to put the date back, and re-enable NTP if it was configured.

Instructions from CLI:

To set the clock back a year:

• > en
• # config t
• # (config) ntp disable               - Make sure NTP is disabled
• # (config) clock year 2019        - Set year to 2019
• # (config) show clock               - Use this to verify the change is successful
  
  

To upgrade the ProxySG from a URL:

As the clock is set back, TLS connections will fail. Any URL will need to be HTTP, and not HTTPS. There are still some situations in which upgrading by URL will not work, and so please upgrade via local file in GUI if the following does not work for you.

• Retrieve the 6.7.4.3 image download URL from the Broadcom Support Portal. (Instructions on finding the download URL of an image can be found here)
• Paste the URL in notepad or another text editor and change "https" to "http"
• Copy the now HTTP link

From the command line:

• > en
• # conf t
• # (config) upgrade-path "<copied http url here, inside quotations>"  
• # (config) exit
• # load upgrade
• # restart upgrade

Below is some sample output of what the upgrade should look like. In this example, the date was changed to Jan 10th instead of changing the year to 2019.

Once the box is back up, follow the same process for the version of SGOS you are upgrading to. Once you are on your final version, follow the instructions on changing the clock to put the date back, and re-enable NTP if it was configured.