Forum Discussion

AlexS_yb's avatar
Icon for Cirrocumulus rankCirrocumulus
Oct 18, 2021

BIGIQ & Letsencrypt



Any one create an irule to handle the api landing for challenges ?

I can do manually


I was thinking irule should be able to handle

grab the info store it locally ? with time out

then when request comes through look up value and send



1) how to write irule to get post data

2) how to store locally - APM session isn't the place so where is ?




1 Reply

  • So it seems like the BIGIQ doesn't actually do any magic ,, it talk to the lets encrypt servers

    it utilised an API interface into a back end.


    so for any one googling to here.


    I have my VS and I have a backend pool - nginx on rhel

    for location /.well-known/acme-challenge/

    I send to the nginx pool


    on nginx i have this

     location /.well-known/acme-challenge/ {

      root   /var/www/html/;

      index   index.html index.htm index.php;


      add_header Last-Modified $date_gmt;

      add_header Cache-Control 'no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';

      if_modified_since off;

      expires off;

      etag off;



      location /.well-known/acme-challenge/api {

       #index   index.html index.htm index.php;


       perl f5acme::handler;






    and the perl code is this


    package f5acme;



    # this is to be the end point


    use nginx;

    use JSON::Parse 'parse_json','assert_valid_json';



    sub handler {

     my $r = shift;


     if ($r->request_method ne "POST") {

      return DECLINED;




     if ($r->has_request_body(\&post)) {

      return OK;



     return HTTP_BAD_REQUEST;




    sub post {

     my $r = shift;




     eval {

      assert_valid_json ($r->request_body);



     if ($@){

      $r->print("Your JSON was invalid: $@\n");





     my $js = parse_json ($r->request_body);


     my $fname="/var/www/html/".$js->{'challenges'}[0]{'fileName'};


     unless ( open FILE, '>'.$fname ){


      $r->print("unable to create $fname\n");






    seems to work , try at your own risk :)