Let's Encrypt on a Big-IP
Problem this snippet solves: It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP.
Code: http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...
Published Dec 12, 2015
Version 1.0
lnxgeek
MVP
Joined July 21, 2008
lnxgeek
Mar 11, 2017
MVP
This is what you need to do to get it running:
- Create datagroup
- Create iRule (just copy from blog)
- Create clientssl profile matching your domains (see blog)
- Populate domain.txt with your domains
- Make appropriate changes to the config file
- Assign iRule to the VS which is assigned to your domains (basically this is where the challenge-response traffic is handled and where your DNS is pointed)
The certificates live on the F5; this is the point of this script implementation. So there is no distribution of the certificates unless you put it into the hook script. The best way of using SSL/TLS is to have it handled in front of the web servers by the F5 and run cleartext against the servers. The script is completely independent of any device, server, or service type you put the F5 in front of. The dependency is tied to the F5.
Hope this helps.
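A sketch of the kind of challenge-handling iRule the steps above refer to, as an added example that is not the blog's or the author's code. It assumes the data group is a string data group, given the hypothetical name `acme_responses_dg` here, in which each key is an ACME HTTP-01 token and each value is the matching key authorization.

```tcl
# Added example, not the iRule from the blog.
# Assumption: acme_responses_dg is a hypothetical string data group
# holding token -> key authorization pairs for pending challenges.
when HTTP_REQUEST {
    # Handle only ACME HTTP-01 validation requests; every other request
    # continues through the virtual server's normal processing.
    if { !([HTTP::path] starts_with "/.well-known/acme-challenge/") } {
        return
    }

    # Everything after the 28-character prefix is treated as the token,
    # so extra path segments stay in the value and fail the check below.
    set token [string range [HTTP::path] 28 end]

    # Tokens are base64url text. Reject anything else before it reaches
    # the data group lookup or the log.
    if { ![regexp {^[A-Za-z0-9_-]+$} $token] } {
        HTTP::respond 404 content "Not found" "Content-Type" "text/plain"
        return
    }

    # Answer only for tokens that are currently stored; an unknown token
    # gets a 404 rather than being passed to the pool.
    set key_auth [class match -value -- $token equals acme_responses_dg]
    if { $key_auth eq "" } {
        log local0.info "ACME: no response stored for token $token"
        HTTP::respond 404 content "Not found" "Content-Type" "text/plain"
        return
    }

    HTTP::respond 200 content $key_auth "Content-Type" "text/plain"
}
```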