[BIG-IP-LTM] 自動更新 letsencrypt 憑證及 更新LTM 上的 profile

[BIG-IP-LTM] 自動更新 letsencrypt 憑證及 更新LTM 上的 profile

有部分參考 這個網站 BIG-IP_Let'sencrypt

#!/usr/bin/env bash
# linux 主機要先更新 widecard-憑證
# 修改變數 請先到 cloudflar 取得 CF_key
# export CF_Key="YOUR_CLOUD_FLARE_API_KEY"
# export CF_Email="YOUR_CLOUD_FLARE_LOGIN_EMAIL"
# 確認自己的 要申請的憑證 網域
# DOMAIN=your-domain.com
# 網頁更新 /var/www/html/letsencrypt

    DOMAIN=bigtalk.info
    now=$(date +%Y-%m-%d)
    profile=auto_${DOMAIN}
    name=${DOMAIN}_${now}_lab_2
    dcert=${name}.crt
    dkey=${name}.key
    ocsp="letsencrypt-ocsp"
    KEYFILE="http://x.x.x.x/letsencrypt/keys/bigtalk.info.key"
    FULLCHAINFILE="http://X.X.X.X/letsencrypt/live/bigtalk.info/fullchain.pem"
        echo "key ${dkey} from file ${KEYFILE}"
        echo "key ${dcert}.crt from file ${FULLCHAINFILE}"

sleep 10

tmsh install sys crypto key ${name} from-url ${KEYFILE}
tmsh install sys crypt cert ${name} from-url ${FULLCHAINFILE}
#
sleep 2
#
tmsh modify ltm profile client-ssl ${profile} cert-key-chain replace-all-with { default { key $name cert $name } }