howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [26/02/2022 13:01] – [Configuration] domingo | howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [05/08/2022 13:17] – [Let's Encrypt with Cloudflare DNS and F5 REST API] domingo | ||
---|---|---|---|
Line 6: | Line 6: | ||
All provisioning and deployment of the certificates are done via the API on the Big-IP to make it as location agnostic as possible. | All provisioning and deployment of the certificates are done via the API on the Big-IP to make it as location agnostic as possible. | ||
+ | |||
+ | |||
+ | ---- | ||
+ | |||
+ | //Update 05-08-2022:// | ||
+ | It would seem like that using basic authentication is putting extra stress on the BigIP and it could fail to complete the requests. | ||
+ | |||
+ | You can find some of the errors you might see here, all worked around using tokens: | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | If you are using external authentication you must use token based authentication as it is the only one supported: | ||
+ | |||
+ | [[https:// | ||
+ | |||
+ | ---- | ||
===== Requirements ===== | ===== Requirements ===== | ||
Line 44: | Line 64: | ||
* KEY_ALGO=rsa | * KEY_ALGO=rsa | ||
* CONTACT_EMAIL=someone@example.com | * CONTACT_EMAIL=someone@example.com | ||
+ | * PREFERRED_CHAIN=" | ||
+ | |||
+ | I had to specify the " | ||
I have to use RSA certificates due to some SNI limitations in the F5 configuration. If you want to run EC certificates the script works just as well. | I have to use RSA certificates due to some SNI limitations in the F5 configuration. If you want to run EC certificates the script works just as well. | ||
Line 84: | Line 107: | ||
If all goes well you should end up with a set of certificates and client ssl profiles called " | If all goes well you should end up with a set of certificates and client ssl profiles called " | ||
- | Note that the script only maintains the certificates and profiles, you still need to assign them to the actual virtual servers. | + | Note that the script only maintains the certificates and profiles, you still need to assign them to the actual virtual servers |
howtos/let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api.txt · Last modified: 05/08/2022 13:57 by domingo