Let's Encrypt on a Big-IP
Problem this snippet solves: It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP.
Code: http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...
Published Dec 12, 2015
Version 1.0
lnxgeek
MVP
Joined July 21, 2008
Brad_Baker
Aug 23, 2018
Cirrus
For some of our development systems (behind an LTM) we want to use Let's Encrypt. The challenge is that because these are development systems we shut them down each night, and sometimes we may go days or weeks without starting them back up.
If the backend web servers are down, that means the VIP is down (due to failing health checks), and it appears that means the Let's Encrypt challenge/response iRule won't work and certificates don't get renewed.
So is there some way to make the challenge/response iRule still respond even if the VIP/backend servers are down?
Worst case, is it possible to make a health check that always makes the VIP healthy so that the iRule will trigger regardless of what's happening on the backend?