ACME Certification request issues

 

Information

 

Summary:

Creating Let's Encrypt certificates when real servers are attached to the VIP is a convoluted process.

Environment:

Product: LoadMaster

Version: 7.2.53.0 and higher

Platform: Any

Application: N/A

Question/Problem Description:

When trying to create Let's Encrypt certs, in the add dialogue, the VS dropdown only shows VSs that don't have a real server attached. This means that to create the certificate, one has to delete the real server from the port 80 virtual service, create the certificate request, attach the cert to the port 443 virtual service and then re-add the real server back to the port 80 VS. This seems odd and long-winded. Is there some misunderstanding somewhere?

Steps to Reproduce:  
Error Message:  
Defect Number:  
Enhancement Number:  
Cause: As per the Let's Encrypt documentation on the Kemp website:

A HTTP/HTTPS Layer 7 Virtual Service must be already configured with the ability to add a SubVS (so it should not have any Real Servers added to the parent Virtual Service - but if there are existing SubVSs they can have Real Servers attached). For instructions on how to convert an existing Virtual Service with Real Servers attached to one with SubVSs with Real Servers attached, refer to the Convert a Virtual Service with Real Servers to one with SubVSs section.

So the behavior described is normal.
Resolution:

6 Convert a Virtual Service with Real Servers to one with SubVSs

When requesting a new certificate, you must select an existing Virtual Service that has the ability to have a SubVS. As a result, the parent Virtual Service cannot have Real Servers attached, but it can have SubVSs with Real Servers attached. If you have an existing Virtual Service with a Real Server attached and you would like to convert it to one with SubVSs so that you can use this Virtual Service for the certificate validation challenge, follow the steps below:
1. Go to Virtual Services > View/Modify Services.
2. Click Modify on the relevant Virtual Service.
3. Expand the Real Servers section.
4. Take note of the existing Real Server details.
5. Delete any existing Real Servers.
6. In the Real Servers section, click Add SubVS.
7. Click Modify on the SubVS.
8. Expand the Real Servers section.
9. Configure any settings as needed.
10. Click Add New.
11. Configure any settings as needed and click Add This Real Server.
12. Click Back to return to the SubVS modify screen.
13. Expand the Advanced Properties section.
14. Click Enable for Content Switching.
15. In the Real Servers section, click None in the Rules column.
16. Select the default rule and click Add.
Workaround:  
Notes: https://support.kemptechnologies.com/hc/en-us/articles/10108868626573-Let-s-Encrypt#MadCap_TOC_6_1
