[cpach]

It might be possible to run an ACME client on another host in your environment. (IMHO, the DNS-01 challenge is very useful for this.) Then you can (probably) transfer the cert+key to BIG IP, and activate it, via the REST API.

I haven’t used BIG IP in a long while, so take this with a grain of salt, but it seems to me that it might not be impossible to get something going – despite the fact that BIG IP itself doesn’t have native support for ACME.

Two pointers that might be of interest:

https://community.f5.com/discussions/technicalforum/upload-l...

https://clouddocs.f5.com/api/icontrol-rest/APIRef_tm_sys_cry...

[dijit]

Sounds suspiciously similar to a rube goldberg machine.

Those tend to be quite brittle in reality. What’s the old adage about engineering vs architecture again?

Something like this I think: https://www.reddit.com/r/PeterExplainsTheJoke/comments/16141...

[cpach]

Obviously it would be much better if BIG IP had native support for ACME. And F5 might implement it some day, but I wouldn’t hold my breath.

For some companies, it might be worth it to throw away a $100000 device and buy something better. For others it might not be worth it.