Let's Encrypt on a Big-IP

Problem this snippet solves: It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP. Code : http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...

Published Dec 12, 2015

Version 1.0

automatic renew certificates

BIG-IP

certificate automation

certificate management

Let's Encrypt

lnxgeek

MVP

Joined July 21, 2008

View Profile

lnxgeek

MVP

Joined July 21, 2008

View Profile

mishaua_270314

Nimbostratus

Oct 24, 2018

I got this to work fine with the ACME v2 staging environment. When I changed the URL for the production environment I got prompted that the cert is still valid for longer than 30 days. Using the --force flag ignores that message but I get two new messages stating "01070317:3: profile /Common/auto_domains.com's key and certificate do not match" after + Creating fullchain.pem... The messages concludes with +Done!. but the cert that is in use is still the staging one. I had do delete the ssl profile and ssl key and recreate with the production url. Has anyone run into this? Is this because the key name is the same regardless of staging or production?

Let's Encrypt on a Big-IP

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS