NOTE: This project is the replacement for the old dehydrated-bigip project.
dehydrated-bigip-ansible is a set of hooks for dehydrated, which is an ACME API client written entirely in Bash shell. It's typically used with the ACME API provided by Let's Encrypt.
Included are a number of Ansible playbooks, used by the hooks, that perform ACME HTTP-01 or DNS-01 challenge completion; and if successful will deploy keys and certs to targetted F5 BIG-IP systems.
dehydrated-bigip-ansible leverages default Ansible modules for all interaction with BIG-IP systems; mostly we use the official F5 BIG-IP Ansible modules ( https://clouddocs.f5.com/products/orchestration/ansible/ ) that are included by default, however direct SSH file transfer and command execution (still using Ansible native modules) is used if deploying an F5 BIG-IP management interface certificate.
This provides automation for obtaining and deploy certificates and keys to F5 BIG-IP appliances from an ACME Certificate Authority.
HTTP-01 and DNS-01 based validation processes can both be used; but are supported using different hook scripts.
Recently tested with BIG-IP versions:
The content in this repository has been used against the following ACME API's,
HTTP-01 validation based on the content (F5 BIG-IP iRule etc) in this repository has been used against the following DNS service API's,
DNS-01 validation based on the content in this repository has been used against the following DNS service API's,
All documentation is available in the Wiki connected to this repository, start here: Wiki
The official documentation from the other components involved should be utilised,
Free support via this repository is available on a best effort basis. Please log an issue describing the problem, and if you've already worked out what the issue is and fixed it in a fork of the repository then feel free to submit a pull request.
Equate Technologies can provide full support with SLA's for paying customers. For information please contact us via our contact page