Let's Encrypt on a Big-IP
For some of our development systems (behind an LTM) we want to use Let's Encrypt. The challenge is that because these are development systems, we shut them down each night, and sometimes we may go days or weeks without starting them back up.
If the backend web servers are down, that means the VIP is down (due to failing health checks), and it appears that means the Let's Encrypt challenge/response iRule won't work and certificates don't get renewed.
So is there some way to make the challenge/response iRule still respond even if the VIP/backend servers are down?
Worst case, is it possible to make a health check that always makes the VIP healthy so that the iRule will trigger regardless of what's happening on the backend?