Hi Robert,
Install python3.9 and python3-cryptography packages on your AIX box:
dnf -y install python3-cryptography
Create a virtual environment for certbot and copy system packages into it:
/opt/freeware/bin/python3 -mvenv /path/to/certbot --system-site-packages
Start bash and activate the environment:
ksh# bash
bash$ source /path/to/certbot/bin/activate
Install pyOpenSSL 17.5.0:
pip3 install pyopenssl==17.5.0
Install certbot:
pip3 install certbot
Now you can use certbot without activating the python environment:
# /path/to/certbot/bin/certbot --version
certbot 2.10.0
# /path/to/certbot/bin/certbot --help
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
I hope it helps.
------------------------------
Andrey Klyachkin
https://www.power-devops.com
------------------------------
Original Message:
Sent: Mon May 13, 2024 04:11 PM
From: Robert Johnson
Subject: TLS Certificate renewal automation on AIX 7.2
Hi Everyone,
We are trying to prepare for the eventual 90 certificate renewal mandate that is coming and wanted to see what others are doing to automate their TLS/SSL certificates on AIX. Our Linux servers can leverage Certbot, but that doesn't look pleasant to compile on AIX (or is it?). I see that acme.sh might be a possibility and maybe even just using pure bash or python since our CA has an API we can use.
What do you all use/recommend for doing automated certificate renewals? Anyone out there with some lessons learned from doing this?
Many thanks for any input!
-Robert
------------------------------
Robert Johnson
------------------------------
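
Added example, not part of the thread and not certbot's own code: a cron wrapper for the venv install described in the reply above. It runs `certbot renew` only when the certificate is close to expiry and then confirms that the file on disk was actually replaced. The `/path/to/certbot` prefix is the reply's placeholder; the certificate path argument, the 30-day threshold and the function names are assumptions.

```sh
#!/bin/sh
# Added example: renewal wrapper for a certbot installed in a Python venv.
# Assumed values: CERTBOT path (placeholder from the thread), 30-day threshold.
CERTBOT="${CERTBOT:-/path/to/certbot/bin/certbot}"
OPENSSL="${OPENSSL:-openssl}"

# cert_state FILE DAYS -> prints "missing", "due" or "ok"
cert_state() {
    cert=$1; days=$2
    [ -r "$cert" ] || { echo missing; return 0; }
    # -checkend N exits 0 only if the cert is still valid N seconds from now;
    # an unparsable file also lands in "due" so it gets replaced.
    if "$OPENSSL" x509 -checkend $((days * 86400)) -noout -in "$cert" >/dev/null 2>&1; then
        echo ok
    else
        echo due
    fi
}

# renew_if_due FILE DAYS -> 0 fresh or renewed, 1 renewal failed, 2 no cert yet
renew_if_due() {
    state=$(cert_state "$1" "$2")
    case $state in
        ok) return 0 ;;
        missing) echo "no certificate at $1, issue one first" >&2; return 2 ;;
    esac
    "$CERTBOT" renew --quiet --non-interactive ||
        { echo "certbot renew failed for $1" >&2; return 1; }
    # certbot exiting 0 does not prove this file was replaced, so re-check it.
    [ "$(cert_state "$1" "$2")" = ok ] ||
        { echo "$1 still expires within $2 days after renew" >&2; return 1; }
}

# Cron entry point: renew-check.sh run /path/to/fullchain.pem 30
if [ "${1:-}" = run ]; then
    renew_if_due "$2" "${3:-30}"
fi
```

A non-zero exit together with the message on stderr lets cron or a monitoring job flag a renewal that did not take effect.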