Let's Encrypt on a Big-IP
Problem this snippet solves: It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP. Code : http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...
Published Dec 12, 2015
Version 1.0
Stanislas_Piro2
Cumulonimbus
CumulonimbusHi,
it seems the link changes. I found the documentation on this URL:
http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_issue_certificates_from_a_bigip
Thank you lnxgeek for this solution. it is very helpful!
I had some difficulties to understand how to what to do with all these files, so I here is a little installation guide:
- Create the data group
- Copy irule and assign it to the HTTP virtual server which destination address is resolved for each elements in domains.txt
- Create the directory /shared/letsencrypt (it is used in call). all files may be created in this directory
- Create /shared/letsencrypt/domains.txt
- Create the script to create profiles (I called it create-profiles.sh)
- Create config, wrapper.sh, send_mail from code
- Retrieve dehydrated from Lukas Schauer github
- Make all script executable :
chmod 755 hook.sh wrapper.sh send_mail dehydrated create-profiles.sh - Create /var/www/dehydrated directory :
mkdir /var/www/dehydrated - Accept let encrypt terms of license
./dehydrated --register --accept-terms - execute the script to create certificate
./dehydrated -c - Assign clientssl profiles
- Install an iScript