NOTE: This project is the replacement for the old dehydrated-bigip project.
dehydrated-bigip-ansible is a set of hooks for dehydrated, which is an ACME API client written entirely in Bash shell. It's typically used with the ACME API provided by Let's Encrypt.
Included are a number of Ansible playbooks, used by the hooks, that perform ACME HTTP-01 or DNS-01 challenge completion; and if successful will deploy keys and certs to targetted F5 BIG-IP systems.
dehydrated-bigip-ansible leverages default Ansible modules for all interaction with BIG-IP systems; mostly we use the official F5 BIG-IP Ansible modules ( https://clouddocs.f5.com/products/orchestration/ansible/ ) that are included by default, however direct SSH file transfer and command execution (still using Ansible native modules) is used if deploying an F5 BIG-IP management interface certificate.
This provides automation for obtaining and deploy certificates and keys to F5 BIG-IP appliances from an ACME Certificate Authority.
HTTP-01 and DNS-01 based validation processes can both be used; but are supported using different hook scripts.
Recently tested with BIG-IP versions:
- VE, 13.1.3.2.0.0.4
- VE, 14.1.2.5.0.0.3
- VE, 15.1.0.3.0.0.12
The content in this repository has been used against the following ACME API's,
- Let’s Encrypt (ACMEv2) - https://letsencrypt.org/
- DigiCert CertCentral (ACMEv2) - https://www.digicert.com
HTTP-01 validation based on the content (F5 BIG-IP iRule etc) in this repository has been used against the following DNS service API's,
- Let’s Encrypt (ACMEv2) - https://letsencrypt.org/
- DigiCert CertCentral (ACMEv2) - https://www.digicert.com
DNS-01 validation based on the content in this repository has been used against the following DNS service API's,
- Azure DNS - https://azure.microsoft.com/en-au/services/dns
- CloudFlare - https://cloudflare.com/
All documentation is available in the Wiki connected to this repository, start here: Wiki
The official documentation from the other components involved should be utilised,
- ansible - https://www.ansible.com/
- dehydrated - https://dehydrated.io/
- lexicon - https://github.com/AnalogJ/lexicon
Free support via this repository is available on a best effort basis. Please log an issue describing the problem, and if you've already worked out what the issue is and fixed it in a fork of the repository then feel free to submit a pull request.
Equate Technologies can provide full support with SLA's for paying customers. For information please contact us via our contact page