# Deploy LetsEncrypt cert to Palo Alto Networks Next-generation Firewall
This is a POC of an [acme.sh](http://acme.sh) deployment hooks that automatically
deploys the new certificate to a Palo Alto Networks firewall.
More information on deployment script:
https://github.com/Neilpang/acme.sh/wiki/deployhooks
## Usage
Step 1: Copy the included file (`panw.sh`) to your acme.sh deploy script
directory: `$HOME/.acme.sh/deploy/panw.sh`
Step 2: Get a LetsEncrypt certicate for your firewall:
`acme.sh --issue -d firewall.example.com`
Step 3: Deploy the LetsEcrypt certificate to your firewall:
`acme.sh --deploy -d firewall.example.com --deploy-hook panw`
Step 4: Commit.
At this time, the commit must be done manually on the firewall
itself. In the future, the commit could be triggered on a specific LetsEncrypt
user on the firewall so that only the certificate gets commited and not other
changes made by firewall administrators.