Agent automation

To automate the execution, set up a cronjob and call the start_acme.py script included with the integration. This script automatically sets the environment variables based on their definition in the ./env file, checks the YAML file, and runs the start_acme.py command.

Automating the execution

The start_acme.py script included in the integration package can be used as a cronjob. It will be executed at the defined time interval and run the required command. For cron schedule expressions, see crontab.guru.

An example cronjob command:

0 */12 * * * /opt/sectigo/start_acme.py > /dev/null 2>&1

This will execute the script every 12 hours.

If your distribution comes with its own automated renewal setup and you also use this cronjob, make sure the two do not run at the same time, as this may result in conflicts.

New certificate issuance

When the start_acme.py automation script runs, it reads the YAML files stored in the /etc/sectigo directory to enroll or renew the certificates for the virtual servers.

Certificate renewal

The agent handles both the issuance and renewal of a certificate by checking the F5 to see whether a certificate with the given Common Name already exists on F5. This is done using the configuration YAML file.

If a certificate with the name specified in the configuration YAML file exists on F5 and is within the expiry window (30 days by default, configurable using ACME_DAYS_TO_RENEW=30 in the env file) or has been revoked, the agent renews the certificate. When a certificate is renewed, the agent automatically installs the new certificate on the F5 appliances and updates the custom client SSL profile with the new key, certificate, and password.

For more information, see Managing certificates in the Certbot documentation.
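The issue, renew, or skip decision described under Certificate renewal, as an added example that is not the agent's own code. The function names, the KEY=VALUE parsing of the env file, and the certificate dictionary layout are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

DEFAULT_DAYS_TO_RENEW = 30  # default expiry window stated on this page


def days_to_renew(env_text):
    """Read ACME_DAYS_TO_RENEW from env-file text (assumed KEY=VALUE lines)."""
    for line in env_text.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        if key.strip() == "ACME_DAYS_TO_RENEW":
            days = int(value.strip().strip("'\""))
            if days < 0:
                raise ValueError("ACME_DAYS_TO_RENEW must not be negative")
            return days
    return DEFAULT_DAYS_TO_RENEW


def decide(existing, window_days, now=None):
    """Return 'issue', 'renew' or 'skip'.

    existing is None when no certificate with the configured name is on the
    F5, otherwise a dict with 'not_after' (aware datetime) and 'revoked'.
    """
    now = now or datetime.now(timezone.utc)
    if existing is None:
        return "issue"
    if existing["revoked"]:
        return "renew"
    if existing["not_after"] - now <= timedelta(days=window_days):
        return "renew"  # also covers certificates that have already expired
    return "skip"


# Constructed sample data, not taken from a real appliance.
SAMPLE_ENV = "# constructed env file\nACME_DAYS_TO_RENEW=45\n"
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_CERTS = {
    "missing": None,
    "fresh": {"not_after": NOW + timedelta(days=90), "revoked": False},
    "expiring": {"not_after": NOW + timedelta(days=40), "revoked": False},
    "revoked": {"not_after": NOW + timedelta(days=300), "revoked": True},
}

if __name__ == "__main__":
    window = days_to_renew(SAMPLE_ENV)
    for name, cert in SAMPLE_CERTS.items():
        print(name, "->", decide(cert, window, NOW))
```

With the constructed 45-day window, the certificate that has 40 days left is renewed; with the default 30-day window the same certificate would be skipped until a later run.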