10-18-2018 01:30 PM - edited 10-18-2018 01:32 PM
For everyone that's interested in Let's Encrypt integration with PAN-OS:
Hi, my name is Garfield and I work here at Palo Alto Networks in the developer relations team. I'm wanting to get a feel for the interest and expectations of a Let's Encrypt integration. I'd very much appreciate anyone who's interested in a Let's Encrypt integration to respond to this thread with some information about their setup and expectations.
I'd like to separate this discussion into a few parts: what integrations today are doing, what can be done to help that in the short term, and what the expectation for the end result could look like.
Today: given that there is currently no native Let's Encrypt client on PAN-OS, people that are using Let's Encrypt certs on PAN-OS today are, to my knowledge, running a client on some (Linux) host to renew the certs, then uploading the certs to their PAN-OS.
End-goal: I assume that the desired end result is that PAN-OS runs Let's Encrypt natively, doing cert renewal automatically behind the scenes.
So here are the questions I have:
1) If you're currently using Let's Encrypt certs with PAN-OS and your workflow does not look like the above, can you briefly describe it?
2) Is your desired end goal that PAN-OS runs Let's Encrypt natively? If not, what is your desired end goal?
3) In between the end goal and now, would you want a stop-gap solution?
4) If you want a stop-gap solution, what form should it take? A standalone executable / script? Ansible module? Terraform resource? Tie-in to an existing Let's Encrypt client, such as certbot or acme.sh?
Thanks in advance for the feedback!