howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api

Differences

This shows you the differences between two versions of the page.

howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [26/02/2022 12:55] – [Configuration] domingohowtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [26/02/2022 13:02] – [Installation] domingo
Line 33: Line 33:
   * hoot.sh (a hook file being called in the different stages of the issuing process)   * hoot.sh (a hook file being called in the different stages of the issuing process)
  
-I have added a fourth script called "upload.sh" which takes care of the uploading of certificate and key files to the Big-IP. The script was initially intended for overcoming some shortcomings with curl when making large file uploads to the Big-IP. To avoid running into issues down the line, if certificate files becomes too large for curl, I played it safe. It could also become handy for ideas in the future. The script is made by Justin Clark (see reference at the F5 webpage https://support.f5.com/csp/article/K41763344)+I have added a fourth script called "upload.sh" which takes care of the uploading of certificate and key files to the Big-IP. The script was initially intended to overcoming some shortcomings with curl when making large file uploads to the Big-IP. To avoid running into issues down the line, if certificate files becomes too large for curl, I played it safe. It could also become handy for ideas in the future. The script is made by Justin Clark (see reference at the F5 webpage https://support.f5.com/csp/article/K41763344)
  
 === domain.txt === === domain.txt ===
-Basically you need to populate this file with all the domains you need to issue certificates to. Inside the dehydrated docs/example folder you will find examples of different ways you can use it. Remember that with the dns-01 challenge protocol you have access to wildcard certificates should you choose to do that.+Basically you need to populate this file with all the domains, and SANs, you need to issue certificates for. Inside the dehydrated docs/example folder you will find examples of different ways you can use it. Remember that with the dns-01 challenge protocol you have access to wildcard certificates should you choose to do that.
  
 === config === === config ===
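Review bot: The reworded sentence in the upload.sh paragraph now reads "intended to overcoming", which is ungrammatical; use "intended to overcome" or keep the previous "intended for overcoming". Further along the same paragraph, "if certificate files becomes too large" should read "become". The context line above it lists the hook file as "hoot.sh" while describing it as a hook file, so confirm that name is not a typo for hook.sh. In the domain.txt paragraph the added ", and SANs," is a useful clarification, but the paragraph does not show how a SAN is written in the file; one sample line would help.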
Line 56: Line 56:
  
 === F5 === === F5 ===
-When the hook script deploys the certificates to the Big-IP it will apply an OCSP configuration on it. This is to make OCSP stapling possible and it gives the certificates a nice green satisfying dot in the overview :-D+When the hook script deploys the certificates to the Big-IP it will apply an OCSP configuration on to it. This is to make OCSP stapling possible and it gives the certificates a nice green satisfying dot in the overview :-D
  
-Some day I might make the this configuration part of the hook script but for now you will need to install the certificate bundle "R3_LE_2025" (and call it that when you import it). You will find it in the zip file at the bottom of the page.+Some day I might make the this configuration part of the hook script but for now you will need to install the certificate bundle "R3_LE_2025" (and call it that when you import it or change the name in the hook script). You will find it in the zip file at the bottom of the page.
 Also, you need to configure an OCSP object with these settings: Also, you need to configure an OCSP object with these settings:
 <file> <file>
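Review bot: The added clause "or change the name in the hook script" in the R3_LE_2025 paragraph does not say which setting in the hook script holds the bundle name; name the variable or line so that a reader who imports the bundle under a different name knows what to edit. The same sentence still carries the typo "make the this configuration", and the new wording "apply an OCSP configuration on to it" in the paragraph above would read better as "apply an OCSP configuration to it".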
Line 84: Line 84:
 If all goes well you should end up with a set of certificates and client ssl profiles called "auto_<domain>" on your Big-IP installation. If all goes well you should end up with a set of certificates and client ssl profiles called "auto_<domain>" on your Big-IP installation.
  
-Note that the script only maintains the certificates and profiles, you still need to assign them to the actual virtual servers.+Note that the script only maintains the certificates and profiles, you still need to assign them to the actual virtual servers to put them into effect.
  
  
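Review bot: The revised closing note still joins two sentences with a comma ("...the certificates and profiles, you still need to..."); split it into two sentences or use a semicolon. The added "to put them into effect" makes the point clearer, and it could go one step further by saying that the "auto_<domain>" client ssl profiles do nothing until they are assigned to a virtual server, since that is the step the script leaves to the reader.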
howtos/let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api.txt · Last modified: 05/08/2022 13:57 by domingo