Forum Discussion

Cirrus

Feb 19, 2026

F5 BIGIP & XC certbot plugin

Hi! As I maintain the certbot-f5bigip plugin to enable the certbot as ACME client to validate and install certificates, I now published the certbot-f5xc plugin! Currently only DNS validation with th...

MVP

Jun 03, 2026

Hi again emalzer

Is it correct that you are using basic auth when you upload the certificates?

I believe that if you change that to the token based auth instead you don't need to use a administrator for the task. JRahm can you confirm?

I have a customer which uses certificate vendor and they only need a certificate manager role to do the updating.

emalzer
Cirrus
Jun 03, 2026
Hi!
No, the plugin does not use Basic auth, it uses token based auth.
And If you user the plugin to install the cert/key/chain and create the ClientSSL profile, you need the administrator role.
You can user the `--f5-bigip-inst-disable-clientssl-profile true` and `--f5-bigip-inst-add-chain-to-certificate true` options to only create / update the certificates.

I just did a quick test on my lab cluster an the certificate manager role is still not enough, as the plugin uploads the cert/key via the "/mgmt/shared/file-transfer/uploads/" API and this role does not have the right to use this endpoint.
So currently I'm not aware of how to update / upload cert & key via the API with only the certificate manager role.