howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api
Differences
This shows you the differences between two versions of the page.
howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [26/02/2022 12:58] – [Configuration] domingo | howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [27/02/2022 17:23] – [Configuration] domingo | ||
---|---|---|---|
Line 44: | Line 44: | ||
* KEY_ALGO=rsa | * KEY_ALGO=rsa | ||
* CONTACT_EMAIL=someone@example.com | * CONTACT_EMAIL=someone@example.com | ||
+ | * PREFERRED_CHAIN=" | ||
+ | |||
+ | I had to specify the " | ||
I have to use RSA certificates due to some SNI limitations in the F5 configuration. If you want to run EC certificates the script works just as well. | I have to use RSA certificates due to some SNI limitations in the F5 configuration. If you want to run EC certificates the script works just as well. | ||
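Review bot: The added sentence starting "I had to specify the", placed after the new PREFERRED_CHAIN entry, should state what goes wrong when the setting is left out, so a reader can tell whether it applies to their setup. It also sits between the settings list and the existing RSA paragraph, so KEY_ALGO and PREFERRED_CHAIN are now explained in reverse order of the list; putting each reason next to its setting would read more clearly. If the selected chain has to correspond to the certificate bundle installed in the F5 section, say so here.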
Line 56: | Line 59: | ||
=== F5 === | === F5 === | ||
- | When the hook script deploys the certificates to the Big-IP it will apply an OCSP configuration on it. This is to make OCSP stapling possible and it gives the certificates a nice green satisfying dot in the overview :-D | + | When the hook script deploys the certificates to the Big-IP it will apply an OCSP configuration on to it. This is to make OCSP stapling possible and it gives the certificates a nice green satisfying dot in the overview :-D |
- | Some day I might make the this configuration part of the hook script but for now you will need to install the certificate bundle " | + | Some day I might make the this configuration part of the hook script but for now you will need to install the certificate bundle " |
Also, you need to configure an OCSP object with these settings: | Also, you need to configure an OCSP object with these settings: | ||
< | < | ||
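Review bot: The changed line beginning "Some day I might make" still contains the doubled "the this", and the new "on to it" in the line above reads better as plain "to it". Since the hook script applies the OCSP configuration at deploy time while the bundle and the OCSP object are installed by hand, it would also help to mark both as prerequisites to complete before the first run, rather than leaving them in running text after the description of what the script does.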
Line 84: | Line 87: | ||
If all goes well you should end up with a set of certificates and client ssl profiles called " | If all goes well you should end up with a set of certificates and client ssl profiles called " | ||
- | Note that the script only maintains the certificates and profiles, you still need to assign them to the actual virtual servers. | + | Note that the script only maintains the certificates and profiles, you still need to assign them to the actual virtual servers |
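Review bot: The revised note at line 87 ends without terminal punctuation as shown and keeps the comma splice after "profiles". Suggest two sentences: "Note that the script only maintains the certificates and profiles. You still need to assign them to the actual virtual servers." Because a profile that is never assigned means the virtual server does not use the issued certificate, this step deserves to be a numbered final step rather than a trailing note.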
howtos/let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api.txt · Last modified: 05/08/2022 13:57 by domingo