Cert Chain Exists

[meverett1167]

if multiple domains are listed in domains.txt, then code will fail when deploying the second cert b/c chain file already exists. Same issue will occur if script was previously used to deploy a different cert, but uses same le-chain.

[f5-rahm]

I'll take a look at the reconfigure and adjust when I get the chance.

[rossnick]

I've found this script while googling for something better than what we were using on our old version 11 bigip. The new ones are at version 16.

While this script fails when uploading the chain, the new certificate is still created.

Previously, the hook script I had was using tmsh to install the certificate :

tmsh install sys crypto key ${name} from-local-file ${KEYFILE}
tmsh install sys crypt cert ${name} from-local-file ${FULLCHAINFILE}
tmsh modify ltm profile client-ssl ${profile} cert-key-chain replace-all-with { default { key $key cert $cert } }

(inspired from https://github.com/steveh565/f5-letsencrypt-http/blob/master/letsencrypt/hook.sh)

Doing so, the fullchain (ie cert+chain) was uploaded to the F5, and the chain itself was not used.

So, with this script, does the chain is really needed ? Can we just specify the key and certificate (fullchain) in the ssl profile ?