The solution is to change the clock to Jan 1, 2020 so the Edge SWG (ProxySG) will think the certificate is still valid, and then upgrade to SGOS 6.7.4.3. Once the box is at 6.7.4.3, the box can be upgraded to its final destination. After upgrading successfully, set the clock back.

Instruction from the GUI:

To set the clock back to a date before the certificate expires:

• From Management Console, navigate to Configuration > General > Clock.
• If NTP is enabled, disable it by unchecking the Enable NTP box, and hit Apply. The Current Time boxes should no longer be grayed out.
• Change the date to Jan 1, 2020, and hit Apply. 

To upgrade the Edge SWG (ProxySG) from a local file:

• Download the 6.7.4.3 image off of the Broadcom Website.
• From Management Console, navigate to Maintenance > Upgrade > Upgrade.
• Click Upload the system image from local file. A new tab will appear.
• On the new tab, click Browse and navigate to where the 6.7.4.3 image is on your machine, and click Open.
• The file path will now appear under Uploaded File. Click Install. 
• The file will begin to install. Depending on the connection between the client machine and the Edge SWG (ProxySG), this can take over 10 minutes.
• Once completed, the tab will display System image installation - Success. Click Close.
• From Management Console, under Maintenance > Upgrade > Upgrade, click Restart the default system.
  

To upgrade the Edge SWG (ProxySG) from a URL:

As the clock is set back, TLS connections will fail. Any URL will need to be HTTP, and not HTTPS. There are still some situations in which upgrading by URL will not work, and so please upgrade via local file if the following does not work for you.

• Retrieve the 6.7.4.3 image download URL from the Broadcom Support Portal. (Instructions on finding the download URL of an image can be found here)
• From Management Console, navigate to Maintenance > Upgrade > Upgrade.
• Paste the URL in the text box, and change "https" to "http"
• Click Download.
• Once completed, the following message will display under the text box: Download Successful. The new system is now the default system. 
• From Management Console, under Maintenance > Upgrade > Upgrade, click Restart the default system.

Once the box is back up, follow the same process for the version of SGOS you are upgrading to. Once you are on your final version, follow the instructions on changing the clock to put the date back, and re-enable NTP if it was configured.

Instructions from CLI:

To set the clock to Jan 1, 2020:

• > en
• # config t
• # (config) ntp disable               
• # (config) clock year 2020 
• # (config) clock month 1
• # (config) clock day 1    
• # (config) show clock          - to verify date change successful     
  
  

To upgrade the Edge SWG (ProxySG) from a URL:

Because the clock is no longer current, TLS connections will fail. Any URL will need to be HTTP, and not HTTPS. There are still some situations in which upgrading by URL will not work, and so please upgrade via local file in GUI if the following does not work for you.

• Retrieve the 6.7.4.3 image download URL from the Broadcom Support Portal. (Instructions on finding the download URL of an image can be found here)
• Paste the URL in notepad or another text editor and change "https" to "http"
• Copy the now HTTP link

From the command line:

• > en
• # conf t
• # (config) upgrade-path "<copied http url here, inside quotations>"  
• # (config) exit
• # load upgrade
• # restart upgrade

Below is some sample output of what the upgrade would look like had the date been Jan 10, 2020.

Once the box is back up, follow the same process for the version of SGOS you are upgrading to. Once you are on your final version, follow the instructions on changing the clock to put the date back, and re-enable NTP if it was configured.