hardcoded paths, and hardcoded filenames #10

Open
timriker opened this issue Jan 19, 2024 · 1 comment

@timriker
Contributor

timriker commented Jan 19, 2024

cron_wrapper is not executable in the repo. That should be changed.

Paths are hardcoded, which won't work for most users. Perhaps something like:

  • cd $HOME/lets-encrypt-python

Also, I don't have a pythonvenv/python37/bin/activate. What should that contain?

This code breaks our setup. I have multiple file sets.

  • {loadbalancer} - contains all my settings including host, user, pass, http, https
  • {loadbalancer}.cfg - DOMAINS_TXT="${BASEDIR}/{load balancer}.dom"
  • {loadbalancer}.dom - all the san certs each set on one line

Having the authentication in the environment meant that I could talk to different load-balancers, potentially with different credentials, all in one directory. The ONE .f5creds that can't seem to be overridden breaks that.

The file "virtual_servers" also breaks this setup, looks hardcoded, and can't be overridden on the command line. This file assumes that the virtual server name for a given hostname is the same on each load balancer, which is often not a valid assumption. It also requires adding each domain on a SAN cert to the lookup table. This might be useful in some situations, but not for me at the moment as I'm only testing on one vs per lb.

Eventually it would be nice to be able to deploy the validation changes on multiple load balancers, test, and then remove from multiple load balancers in the case where a host uses GTM/DNS load balancing or just has multiple IPs in DNS.

This seems to remove the F5_HTTPS handling. The Let's Encrypt challenge is over http, which should be a separate vip from the one where the cert should be installed in the end. We'll want an F5_HTTPS if eventually we want to add the created ssl profile to a vip, as it won't be the same vip.

timriker changed the title from "cron_wrapper has hardcoded path" to "hardcoded paths, and hardcoded filenames" on Jan 19, 2024
@f5-rahm
Contributor

f5-rahm commented Jan 19, 2024

Thanks @timriker for the feedback. Yeah, it needs work to be more compatible outside my own playground. Happy to take PRs! I can get to it but not for a while I think. Heh...looks like you did. I'll take a look and think through that as soon as I can.
