ACME Certification request issues
Information
Summary: |
Creating Let's Encrypt certificates when real servers are attached to the VIP is a convoluted process. |
Environment: |
Product: LoadMaster
Version: 7.2.53.0 and higher
Platform: Any
Application: N/A |
Question/Problem Description: |
When trying to create Let's Encrypt certs, in the add dialogue the VS dropdown only shows VSs that don't have a real server attached. This means that to create the certificate, one has to delete the real server from the port 80 virtual service, create the certificate request, attach the cert to the port 443 virtual service and then re-add the real server back to the port 80 VS. This seems odd and long-winded. Is there some misunderstanding somewhere? |
Steps to Reproduce: | |
Error Message: | |
Defect Number: | |
Enhancement Number: | |
Cause: | As per the Let's Encrypt documentation on the Kemp website, an HTTP/HTTPS Layer 7 Virtual Service must already be configured with the ability to add a SubVS (so the parent Virtual Service should not have any Real Servers added, but any existing SubVSs can have Real Servers attached). For instructions on how to convert an existing Virtual Service with Real Servers attached to one with SubVSs with Real Servers attached, refer to the Convert a Virtual Service with Real Servers to one with SubVSs section. So the behavior described is normal. |
Resolution: |
6 Convert a Virtual Service with Real Servers to one with SubVSs

When requesting a new certificate, you must select an existing Virtual Service that has the ability to have a SubVS. As a result, the parent Virtual Service cannot have Real Servers attached, but it can have SubVSs with Real Servers attached. If you have an existing Virtual Service with a Real Server attached and you would like to convert it to one with SubVSs so that you can use this Virtual Service for the certificate validation challenge, follow the steps below:

1. Go to Virtual Services > View/Modify Services.
2. Click Modify on the relevant Virtual Service.
3. Expand the Real Servers section.
4. Take note of the existing Real Server details.
5. Delete any existing Real Servers.
6. In the Real Servers section, click Add SubVS.
7. Click Modify on the SubVS.
8. Expand the Real Servers section.
9. Configure any settings as needed.
10. Click Add New.
11. Configure any settings as needed and click Add This Real Server.
12. Click Back to return to the SubVS modify screen.
13. Expand the Advanced Properties section.
14. Click Enable for Content Switching.
15. In the Real Servers section, click None in the Rules column.
16. Select the default rule and click Add. |
Workaround: | |
Notes: | https://support.kemptechnologies.com/hc/en-us/articles/10108868626573-Let-s-Encrypt#MadCap_TOC_6_1 |