Automating ACMEv2 Certificate Management on BIG-IP
Let's Encrypt and ACMEv2 are often conflated, but the former is ultimately a consumer of the latter. The "Automated Certificate Management Environment" (ACME) protocol describes a system for automating the issuance and renewal of PKI certificates. ACME can be used with public services like Let's Encrypt, but also with internal certificate management services. In this article we explore the more generic support of ACME (version 2) on the F5 BIG-IP.
Introduction
Back in March of 2023, Google proposed a significant reduction in the lifespan of Internet certificates, from the average 13 months down to just 90 days. No firm date was set for this ...
Published Apr 04, 2024
Version 1.0
Kevin_Stewart
Arturo
Nov 29, 2024
Thank you very much Kevin. I have modified the script to avoid using the http-0 challenge, as associating one iRule per VS in all LTMs is not viable for a lot of customers. I am using an external DNS (F5 DNS with an iRule) and I successfully implemented the solution with the dns-0 challenge, requesting the challenge from one VS in the LTM where the FQDN is allocated ;) Although I think that I can even improve the solution by sending the challenge from the ACME client to the VS in the F5 DNS.
I will keep you informed.
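The two challenge types compared in the comment above produce different responder artifacts from the same inputs: http-01 serves the key authorization over HTTP, while dns-01 publishes a SHA-256 digest of it in a TXT record. The following is an added example (not code from the article, the script, or the commenter) that derives both per RFC 8555 and RFC 7638; the account JWK is a constructed placeholder, not a real key, and the token is the one used in the RFC 8555 examples.

```python
import base64
import hashlib
import json
import re

# Constructed example account key (NOT a real key; x/y are placeholders).
# Only kty/crv/x/y enter the thumbprint, so extra members such as "use" are ignored.
ACCOUNT_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA",
    "y": "BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB",
    "use": "sig",
}

# RFC 8555 s8.3: tokens are base64url with at least 128 bits of entropy (22+ chars).
TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]{22,}$")


def b64url(data: bytes) -> str:
    """base64url without '=' padding, as RFC 8555 requires."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 of the canonical JSON of the required members only."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required},
                           sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def http01_key_authorization(token: str, jwk: dict) -> str:
    """Body an http-01 responder serves at /.well-known/acme-challenge/<token>."""
    if not TOKEN_RE.match(token):  # a responder should only answer well-formed tokens
        raise ValueError("malformed ACME challenge token")
    return f"{token}.{jwk_thumbprint(jwk)}"


def dns01_txt_value(token: str, jwk: dict) -> str:
    """TXT value for _acme-challenge.<fqdn>: base64url(SHA-256(key authorization))."""
    key_auth = http01_key_authorization(token, jwk)
    return b64url(hashlib.sha256(key_auth.encode("ascii")).digest())


if __name__ == "__main__":
    token = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"  # token from RFC 8555 examples
    print("http-01 body:", http01_key_authorization(token, ACCOUNT_JWK))
    print("dns-01 TXT  :", dns01_txt_value(token, ACCOUNT_JWK))
```

Whichever VS or DNS iRule ends up answering the challenge, it only needs to be fed these derived values; the account private key itself never has to leave the ACME client.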