Automating ACMEv2 Certificate Management on BIG-IP

Introduction While we often associate and confuse Let's Encrypt with ACMEv2, the former is ultimately a consumer of the latter. The "Automated Certificate Management Environment" (ACME) protocol de...
Updated May 12, 2025
Version 2.0
ACME
ACMEv2
certificate
Let's Encrypt
security
Kevin_Stewart's avatar
Icon for Employee rankEmployee
Joined March 16, 2006
View Profile
JRahm's avatar
Icon for Admin rankAdmin
Christ Follower, Husband, Father, Technologist. I love community and I especially love THIS community. My background is networking, but I've dabbled in all the F5 iStuff, I'm a recovering Perl guy, and am very much a python enthusiast. Learning alongside all of you in this accelerating industry toward modern apps and architectures.
View Profile
Arturo's avatar
Arturo
Icon for Employee rankEmployee
Nov 29, 2024

Thank you very much Kevin. I have modified the script to avoid using http-0 challenge as associating one iRule per VS in all LTMs are not viable for a lot of customers. I am using an external DNS (F5 DNS with an iRule) and I successfully implemented the solution with the challenge dns-0 and request the challenge from one VS in the LTM where the FQDN is allocated ;) Although I think that I can even improve the solution sending the challenge from the ACME Client to the VS in the F5 DNS.

I will keep you informed.