Forum Discussion

emalzer's avatar
emalzer
Icon for Cirrus rankCirrus
Feb 19, 2026

F5 BIGIP & XC certbot plugin

Hi! As I maintain the certbot-f5bigip plugin to enable the certbot as ACME client to validate and install certificates, I now published the certbot-f5xc plugin! Currently only DNS validation with th...
Automation
Certifiacte
Let's Encrypt
lnxgeek's avatar
lnxgeek
Icon for MVP rankMVP
Jun 03, 2026

Hi again emalzer​ 

Is it correct that you are using basic auth when you upload the certificates?

I believe that if you change that to the token based auth instead you don't need to use a administrator for the task. JRahm​ can you confirm?

 

I have a customer which uses certificate vendor and they only need a certificate manager role to do the updating.

emalzer's avatar
emalzer
Icon for Cirrus rankCirrus
Jun 03, 2026

Hi!

No, the plugin does not use Basic auth, it uses token based auth. 

And If you user the plugin to install the cert/key/chain and create the ClientSSL profile, you need the administrator role.

You can user the `--f5-bigip-inst-disable-clientssl-profile true` and `--f5-bigip-inst-add-chain-to-certificate true` options to only create / update the certificates.

 

I just did a quick test on my lab cluster an the certificate manager role is still not enough, as the plugin uploads the cert/key via the "/mgmt/shared/file-transfer/uploads/" API and this role does not have the right to use this endpoint.

So currently I'm not aware of how to update / upload cert & key via the API with only the certificate manager role.