F5 BIG-IP plugin for Certbot
Project description
certbot-bigip-plugin
Requirements
see certbot rquirements: https://certbot.eff.org/docs/install.html#system-requirements
- F5
- LE Chain needs to be at /Common/chain_Letsencrypt and in every other folder that uses this plugin. ( f.e.: /Internal/chain_Letsencrypt) At the moment, the plugin checks if a corresponding certificate/chain is located in the same partition/folder as the profile that uses it This is eligible to change in future versions
- clientssl profile needs to be attached to the virtual server (DOMAIN_clientssl) At the moment, the plugin only updates the client profile but does not attach it to the virtual server
Install
Usage
Parameters:
--certbot-bigip:bigip-username Username for F5 Connection
--certbot-bigip:bigip-password Password for F5 Connection
--certbot-bigip:bigip-partition Partition the Virtual Server is configured on
--certbot-bigip:bigip-clientssl-parent Parent Profile for new client SSL profile
--certbot-bigip:bigip-vs-list List of virtual servers, the certificate shoudl be used for
--certbot-bigip:bigip-device-group Big IP device group for synchronization
--certbot-bigip:bigip-iapp IApp, if any, the virtual server is part of
Example:
certbot --non-interactive --expand --email 'admin@example.com' --agree-tos \
-a certbot-bigip:bigip -i certbot-bigip:bigip \
-d 'example.com' \
--certbot-bigip:bigip-list 'example-f5.local,example-f5-ha.local' \
--certbot-bigip:bigip-username 'user' \
--certbot-bigip:bigip-password 'secret' \
--certbot-bigip:bigip-partition 'internal' \
--certbot-bigip:bigip-clientssl-parent '/Common/parent_clientssl' \
--certbot-bigip:bigip-vs-list '/internal/example.com.app/example.com_vs' \
--certbot-bigip:bigip-device-group 'fail-sync' \
--certbot-bigip:bigip-iapp '/internal/example.com.app/example.com_vs'
Issues
If you find errors please add a ticket If you fix errors please create a new branch and then a merge request
- to the master branch if it is a bugfix
- to the development branch if it is a feature
Develop
docker run --volume $PWD:/src -it registry.ong.at:5555/infra/certbot-plugins/environments/certbot_docker_image:master sh
#in container:
/src/python setup.py develop
use the docker image for local development
test
docker run --volume $PWD:/src -it registry.ong.at:5555/infra/certbot-plugins/environments/certbot_docker_image:master sh
# in container run
export BIGIP_USERNAME=myusername
export BIGIP_PASSWORD=myPassword
pytest
release
to release a version on pypi tag a commit on the master branch like this "v1.0.3"
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
certbot-bigip-1.0.4.tar.gz
(14.4 kB
view details)
File details
Details for the file certbot-bigip-1.0.4.tar.gz.
File metadata
- Download URL: certbot-bigip-1.0.4.tar.gz
- Upload date:
- Size: 14.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/3.3.0 pkginfo/1.7.0 requests/2.25.1 setuptools/53.0.0 requests-toolbelt/0.9.1 tqdm/4.57.0 CPython/3.9.1
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | 5be7ae6c8ec40e1997516f4a4fc3d53d798aa575851fe9f33d6d129586318a6a |
|
| MD5 | 13cc67f54908259e28dd2693539052e9 |
|
| BLAKE2b-256 | 403b8701dfc19d0330e1e4642b7feb8eaab6ad89631a9ceb972c0c70a645b18c |
