Let's Encrypt on a Big-IP
Problem this snippet solves:
It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP.
Code:
http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_issue_certificates_from_a_bigip
Published Dec 12, 2015
Version 1.0
lnxgeek
MVP
Joined July 21, 2008
- J_Sloan (Nimbostratus): Thanks for pulling this together, set this up on my lab appliance and it's working well so far. The hook script needs tweaking to use the BASE_DIR variable instead of /root/certs; other than that it worked great out of the gate. (I think the fullchain.pem statement is obsolete now also, btw.)
- You're welcome :-) Please send me your tweaking, then I will update the script.
- Hannes (Nimbostratus): What version of bigip is this made for? The tmsh modify command which changes the certificates fails on my device. We are running v11.4.0.
- I've only tested it on v.12.0. Which version are you running?
- Hannes (Nimbostratus): I updated the scripts to work with v11.4. Where should I send the tweaks to include them in the howto?
- Just send your updates to me at: domingo at domingo dot dk. Thanks!
- Nicolas_Ross (Nimbostratus): Great, it's working! I was already using this shell script extensively on autonomous servers. I was even able to scp and ssh into a remote unit to update its certificate by modifying the hook script.
- Delta_Force_270 (Nimbostratus): I get ERROR: Problem connecting to server (curl returned with 60)
- The F5 must have access to the Internet (or just Let's Encrypt's servers), as it communicates with the CA.
- Mark_Curole (Nimbostratus): I'm on 11.5.1. I had to update the ca-bundle.crt in /etc/pki/tls/certs to get the curl command to validate the trust.