Let's Encrypt on a Big-IP

Problem this snippet solves: It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP. Code : http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...

Published Dec 12, 2015

Version 1.0

automatic renew certificates

BIG-IP

certificate automation

certificate management

Let's Encrypt

lnxgeek

MVP

Joined July 21, 2008

View Profile

lnxgeek

MVP

Joined July 21, 2008

View Profile

thoang_295780

Nimbostratus

Oct 18, 2016

Just tried this and am having a strange problem. On my dev F5 it works without any issues. However, on my prod F5 I get an error.

During the deploy_cert stage when it tries to install the key/cert it gives the error

01070712:3: file (/opt/letsencrypt/certs/somedomain/privkey.pem) expected to exist.

privkey.pem is a symlink to privkey-{timestamp}.key. Testing the install command in the cli with the real file works. Using the symlink gives the above error. Are there permissions settings somewhere I'm missing which would result in the above error?

dev V11.6.0

prod V11.6.1

Let's Encrypt on a Big-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS