Adam_McKay_3593's avatar
Adam_McKay_3593
Icon for Nimbostratus rankNimbostratus
Apr 24, 2018

Not 100% relevant to the topic (but figured it wasn't worth a topic of it's own), if you want to create & update Le certificates on an F5 automatically without running scripts directly on the appliance itself, this project on GitHub uses the Python f5-sdk and acme.sh to run either standalone or in a Docker container.

 

https://github.com/farces/acme-f5-deploy/

 

In this case you'd need to use the DNS API for verification as it won't have access to the hosting web server to provision the well-known URI. The list of supported DNS providers is increasing, and if your provider has no API (or you're not willing to give your API Key to the script) you can use an 'alias' DNS on a supported host (Cloudflare is free for example) for the purpose of validation only.

 

It doesn't touch any VServers - it'll only create a certificate and certificate chain, and a single Client SSL profile once (and only if it doesn't already exist), ready to be customized and applied to a VServer.

 

Has worked well for us so I thought I'd put it somewhere other people could use (and revise, as needed!).