Automating Certificate Management on F5 BIG-IP

The Certificate Lifespan Revolution Welcome to part one of our two-part series on certificate automation for the BIG-IP platform. Certificate lifecycle management is undergoing a seismic shift th...
Published Jun 23, 2025
Version 1.0
application delivery
automation
Certifiacte
security
Noof's avatar
Icon for Employee rankEmployee
Solutions Architect currently covering the public sector.
View Profile
emalzer's avatar
emalzer
Icon for Altostratus rankAltostratus
Jul 07, 2025

Hi! 

Very nice article! As I'm not a fan of running the ACME client on the BIG-IPs themself, I wrote a plugin ready to use for certbot: https://gitlab.com/emalzer/certbot-f5bigip

You can run certbot then on a VM or in a container and centralise the configuration for different domains and different BIG-IP clusters here in one single place. Or authenticate with one cluster and install on another cluster.

And I built another repo to maintain then this certbot commands and configurations - definitely worth taking a look: https://gitlab.com/emalzer/certbot-ansible 

Feel free to use them for your automation! I will build another plugin for XC and NEXT in the near future.