Let's Encrypt on a Big-IP
Problem this snippet solves: It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP. Code : http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...
Published Dec 12, 2015
Version 1.0
Pytonius
Nimbostratus
NimbostratusPlease help, I have all the files in /shared/letsencrypt directory. wrapper.sh runs, the new cert+key pair is imported and visible in System››Certificate Management : Traffic Certificate Management : SSL Certificate List
But automatic reconfiguration of Client SSL profile with new certificate and key do not work, there is an error in var/log/letsencrypt.log:
The requested key (xyz.
) was not found.key
It seems like the script can not find new certificate and key. I use version 14.1.0 (and I have not configured it in previous versions, so not sure if the issue relates to version).
Update (self-answer): BigIP ver. 14.1 saves the newly generated cert and key without the .crt and .key extensions. That's why the running script generates mentioned error message. Lnxgeek's scripts works well in 13.1, where you can see both files with their extensions in the running-config.
It is easy to make hook.sk work by omitting the extensions in the script:
Before:
cert=${name}.crt
key=${name}.key
After:
cert=${name}
key=${name}