For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Let's Encrypt on a Big-IP

Problem this snippet solves: It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP. Code : http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...

Published Dec 12, 2015

Version 1.0

automatic renew certificates

BIG-IP

certificate automation

certificate management

Let's Encrypt

lnxgeek

MVP

Joined July 21, 2008

View Profile

lnxgeek

MVP

Joined July 21, 2008

View Profile

Leon_137165

Nimbostratus

Mar 15, 2018

If you just start with this and download the latest dehydrated script it won't work. They now use the v2 version of Let's encrypt and that does not seem to work with the above scripts. You get a "Challenge invalid". When you uncomment the "CA" value in the config file (which is the url for version v1) it works just fine.

I'm now trying to modify the scripts to take care of the deletes as well. But also add/remove empty/new client-ssl profiles to the vs. I have a webserver with a lots of small sites which are added/deleted very frequently. I want zero manual work on the f5. Based on what the webserver is asking for in the domains.txt file, I add/delete the appropriate certificates. Lazy admin... :-)

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

Let's Encrypt on a Big-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS