LetsEncrypt integration

L4 Transporter

Re: LetsEncrypt integration

Just to add to the thread.

Yes, I would like to use Let's Encrypt with PA.

No, I don't want to manage the certs in PA. Why? Current management sucks: renew a cert with SAN attributes and they get lost. Support tell me that's just how it is and I shouldn't be using the PA for cert management, so (double checked with SE ..)


I do currently have a script for auth and distributing certs.


I would mind if somebody here could port the scripts to insert into PA.


By PA I mean Panorama, which would then distribute it to the other PAs.


So I would have a placeholder name of, say, LE1, which I could then assign to a PA management interface.

My script would renew the LE1 cert and then insert it into PA (via API?), which would overwrite the current LE1, and then somehow push from Panorama to the PAs.



L2 Linker

Re: LetsEncrypt integration

Having this integration would be amazing.

We manage around 100-odd PA-220s for small clients, all with GP.


To answer your questions:

1) If you're currently using Let's Encrypt certs with PAN-OS and your workflow does not look like the above, can you briefly describe it?

We aren't using it because of the high maintenance.


2) Is your desired end goal that PAN-OS runs Let's Encrypt natively?  If not, what is your desired end goal?

100% Natively would be the goal.


3) In between the end goal and now, would you want a stop-gap solution?

Depends on how complex.


4) If you want a stop-gap solution, what form should it take?  A standalone executable / script?  Ansible module?  Terraform resource?  Tie-in to an existing Let's Encrypt client, such as certbot or acme.sh?

Anything - but depends on how complex.

"Here I am, Send me"