Let's Encrypt on a Big-IP
Problem this snippet solves:
It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP.
Code:
http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_issue_certificates_from_a_bigip
Hi Michael
There are a lot of limitations to what you can do on the filesystem, as SELinux blocks execution, so you can't just put files wherever you like (tried it :-) ).
What I do is sync the content manually. I think you can make it more automatic by including this in the hook file as an action after deployment of the certificates.
/Thomas
- Luca_ComesCirrus
Dear all, I've configured this procedure on my Big IP and it works fine, great job! I have only one issue with the send_mail script: it seems to work, but the email it sends me is empty. I've tried enabling expect logging (log_user=1) and I can see the correct connection to the mail server. Do you have any idea what I can check?
Thank you in advance
Luca
Hi Luca
Thanks for the feedback :-)
What I would do regarding the mail script is to run it manually. Take out the send_mail parts of the wrapper script and just make a dummy one and see how far you get.
Also check that the log file is not blank and that you are using the right one when you send the mail.
/Thomas
- Brad_BakerCirrus
We just recently received a notice from Let's Encrypt that they are discontinuing their ACMEv1 API endpoint and we have to switch to ACMEv2. Are there any plans to modify this to support ACMEv2?
- Nicolas_RossNimbostratus
This is a hook script for the dehydrated shell script to interface with Let's Encrypt. Use a recent version of the client and it will already support ACME v2. https://github.com/dehydrated-io/dehydrated
- Brad_BakerCirrus
Awesome - I hadn't realized lets-encrypt.sh was really just dehydrated. I've swapped them out. Thanks for the help!