howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api

Differences

This shows you the differences between two versions of the page.

howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [05/08/2022 13:17] – [Let's Encrypt with Cloudflare DNS and F5 REST API] domingo
howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [05/08/2022 13:33] – [Configuration] domingo
Line 77: Line 77:
  
 You need to set these to fit your environment. I recommend that you setup your F5 HA configuration to automatic sync, so when new certificates gets installed they are automatically sync between the units. You need to set these to fit your environment. I recommend that you setup your F5 HA configuration to automatic sync, so when new certificates gets installed they are automatically sync between the units.
 +
 +----
 +//Update 05-08-2022:// I have changed the "F5_AUTH" parameter a bit to enable support for token based authentication.
 +
 +You will see that two new variables has emerged, "username" and "pwd". This is to be able to use the account information in both basic- and token authentication, as token based uses them in the json body, so we need be able to then in different constructs.
 +
 +The "F5_AUTH" variable is now constructed as a complete "flag value-pair" to be inserted agnosticly in all the curl commands. It required some trixing as curl doesn't like having the flag in the variable. After some googling I found that by creating the variable as an array it all came together. That is why you see the variable used like this: "${F5_AUTH[@]}"     
 +
 +----
 +
  
 === F5 === === F5 ===
-When the hook script deploys the certificates to the Big-IP it will apply an OCSP configuration on to it. This is to make OCSP stapling possible and it gives the certificates a nice green satisfying dot in the overview :-D+When the hook script deploys the certificates to the Big-IP it will apply an OCSP configuration on to it. This is to make OCSP stapling possible and it gives the certificates a nice green satisfying dot in the overview ^_^ 
  
 Some day I might make the this configuration part of the hook script but for now you will need to install the certificate bundle "R3_LE_2025" (and call it that when you import it or change the name in the hook script). You will find it in the zip file at the bottom of the page. Some day I might make the this configuration part of the hook script but for now you will need to install the certificate bundle "R3_LE_2025" (and call it that when you import it or change the name in the hook script). You will find it in the zip file at the bottom of the page.
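
Review bot: The added paragraph on "F5_AUTH" describes it as a complete flag/value pair inserted into every curl command, so the credential or token is passed as a command-line argument, where other local users on the host can read it from the process list while curl runs. Say so in the update, or pass the value through a curl config file (`-K`) that only the script's user can read. The paragraph introducing "username" and "pwd" should also note that the file where "pwd" is set now holds the Big-IP password and needs restrictive permissions. Its last clause, "so we need be able to then in different constructs", is missing words and does not say how the two variables are used in each authentication mode. The paragraph explaining `"${F5_AUTH[@]}"` would be clearer if it showed the array assignment itself, not only the expansion.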
howtos/let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api.txt · Last modified: 05/08/2022 13:57 by domingo