For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Automate Let's Encrypt Certificates on BIG-IP

To quote the evil emperor Zurg: "We meet again, for the last time!" It's hard to believe it's been six years since my first rodeo with Let's Encrypt and BIG-IP, but (uncompromised) timestamps don't l...
Updated Mar 31, 2022
Version 2.0
application delivery
BIG-IP
irule
security
ssl
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
ScottE's avatar
ScottE
Icon for MVP rankMVP
Sep 13, 2023

I moved the environmental variables to configuration files so that it can process multiple certificates, both single and SAN.  Also added a "virtual_servers" file which provides the cross references required to map the certificate name(s) to the virtual host on the LB on which to apply the irule and ssl profile to.

There was also a bug I fixed and added a variable in the hook_script.py file for the parent ssl profile that Tim Riker had added.  I've created a pull request:

https://github.com/ScottECampbell/lets-encrypt-python

https://github.com/f5devcentral/lets-encrypt-python/pull/9

Hopefully I've done this all correctly.  I've been running it via cron for over a month with multiple certificates in the config files without any problems.