Let's Encrypt on a Big-IP
Problem this snippet solves:
It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP.
Code: http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...
Published Dec 12, 2015
Version 1.0
lnxgeek
MVP
Joined July 21, 2008
Leon_137165
Mar 15, 2018
Nimbostratus
If you just start with this and download the latest dehydrated script it won't work. They now use the v2 version of Let's Encrypt and that does not seem to work with the above scripts. You get a "Challenge invalid". When you uncomment the "CA" value in the config file (which is the URL for version v1) it works just fine.
I'm now trying to modify the scripts to take care of the deletes as well. But also add/remove empty/new client-ssl profiles to the vs. I have a webserver with a lot of small sites which are added/deleted very frequently. I want zero manual work on the F5. Based on what the webserver is asking for in the domains.txt file, I add/delete the appropriate certificates. Lazy admin... :-)
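The reconciliation described in the comment above (deriving certificate adds and deletes from domains.txt), as an added example that is not part of the original post or of lnxgeek's scripts. It assumes each managed object on the BIG-IP is named after dehydrated's certificate name and that the installed names are supplied as a plain list; the function names are hypothetical, and the script only prints a plan.

```shell
#!/bin/sh
# Added example: plan certificate adds/deletes from dehydrated's domains.txt.
# Assumption: each managed object on the BIG-IP is named after the
# certificate name dehydrated uses (first hostname, or the "> alias").

# Print one certificate name per domains.txt entry.
wanted_names() {
    awk '
        { sub(/#.*/, "") }            # strip comments
        NF == 0 { next }              # skip blank lines
        {
            name = $1                 # default: first hostname on the line
            for (i = 1; i < NF; i++)  # "> alias" overrides it
                if ($i == ">") name = $(i + 1)
            print name
        }' "$1" | LC_ALL=C sort -u
}

# plan_sync DOMAINS_FILE INSTALLED_FILE
# INSTALLED_FILE: one currently installed certificate name per line.
# Prints "ADD name" / "DEL name"; changes nothing itself.
plan_sync() {
    tmp=$(mktemp -d) || return 1
    wanted_names "$1" > "$tmp/want"
    grep -v '^[[:space:]]*$' "$2" | LC_ALL=C sort -u > "$tmp/have"
    LC_ALL=C comm -23 "$tmp/want" "$tmp/have" | sed 's/^/ADD /'
    LC_ALL=C comm -13 "$tmp/want" "$tmp/have" | sed 's/^/DEL /'
    rm -rf "$tmp"
}

# Demo with constructed data (not from the original page).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed sample' 'shop.example.com www.shop.example.com' \
        '*.dev.example.com > star_dev_example_com' > "$d/domains.txt"
    printf '%s\n' 'shop.example.com' 'old.example.com' > "$d/installed.txt"
    plan_sync "$d/domains.txt" "$d/installed.txt"
    rm -rf "$d"
}
demo
```

Keeping the plan separate from the commands that act on it lets the DEL lines be reviewed or logged before any certificate or key is removed from the device.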