howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api

Differences

This shows you the differences between two versions of the page.

howtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [05/08/2022 13:33] – [Configuration] domingohowtos:let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api [05/08/2022 13:57] (current) – [Requirements] domingo
Line 38: Line 38:
          
          
-  * Next you need an admin account on the Big-IP, or equivalent with permissions to install certificates and modify client ssl profiles, and access to the management interface on port 443/tcp. Also, you need access to the Cloudflare API URL (https://api.cloudflare.com) from the machine running the script.+  * Next you need an admin account on the Big-IP, or equivalent with permissions to install certificates and modify client ssl profiles, and access to the management interface on port 443/tcp. Also, you need access to the Cloudflare API URL (https://api.cloudflare.com) and Let's Encrypt API (https://acme-v02.api.letsencrypt.org) from the machine running the script.
   *  Finally a bash shell with curl available.   *  Finally a bash shell with curl available.
  
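Review bot: the added sentence names the Cloudflare and Let's Encrypt API hosts but not the port or direction, while the same bullet gives 443/tcp for the Big-IP management interface. Stating that both are outbound HTTPS (443/tcp) from the machine running the script would let readers scope firewall rules to exactly those two hosts. Since the bullet also opens with "an admin account on the Big-IP, or equivalent", consider leading with the narrower option: a dedicated account limited to installing certificates and modifying client ssl profiles, because the script has to hold that account's credentials.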
Line 91: Line 91:
 When the hook script deploys the certificates to the Big-IP it will apply an OCSP configuration on to it. This is to make OCSP stapling possible and it gives the certificates a nice green satisfying dot in the overview ^_^  When the hook script deploys the certificates to the Big-IP it will apply an OCSP configuration on to it. This is to make OCSP stapling possible and it gives the certificates a nice green satisfying dot in the overview ^_^ 
  
-Some day I might make the this configuration part of the hook script but for now you will need to install the certificate bundle "R3_LE_2025" (and call it that when you import it or change the name in the hook script). You will find it in the zip file at the bottom of the page.+Some day I might make this configuration part of the hook script but for now you will need to install the certificate bundle "R3_LE_2025" (and call it that when you import it or change the name in the hook script). You will find it in the zip file at the bottom of the page.
 Also, you need to configure an OCSP object with these settings: Also, you need to configure an OCSP object with these settings:
 <file> <file>
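Review bot: the paragraph touched here tells readers to import the "R3_LE_2025" bundle from the zip file on this page, but gives them no way to check what they are installing as the OCSP trust anchor. Suggest adding the bundle's fingerprint, or a pointer to the issuer's own published copy, next to the instruction. The parenthesis "(and call it that when you import it or change the name in the hook script)" would also be easier to follow if it named the variable or line in the hook script where the bundle name is set.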
Line 122: Line 122:
 ---- ----
  
-{{ :howtos:le-automation-files.zip |}}+{{ :howtos:le-automation-files.zip |}} zip-bundle with only basic authentication available. 
 + 
 +{{ :howtos:le-automation-files-token.zip |}} zip-bundle with both token- and basic authentication available.
  
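Review bot: the two new captions do not say which API the "token" and "basic" authentication refer to (Cloudflare or the Big-IP REST API), and neither download is marked as the recommended one. Suggest naming the API in both captions, marking the token-capable bundle as preferred, and labelling the basic-only zip as the older version if it is kept. Publishing a checksum beside each zip would let readers verify the scripts before running them with Big-IP and Cloudflare credentials.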
howtos/let_s_encrypt_-_how_to_issue_certificates_with_cloudflare_dns_and_f5_rest_api.txt · Last modified: 05/08/2022 13:57 by domingo