Updating LetsEncrypt Certs in FMS

I've been experimenting with LetsEncrypt on my development server and while Apache is happy, FileMakerServer is not. The server is reporting that the certificate expired yesterday. It seems that I'll need to schedule a re-import of the updated certificate every three months if I'm going to use LetsEncrypt certificates.

I'm confused by the differences in terminology. LetsEncrypt generates four .pem files: cert.pem, chain.pem, fullchain.pem and privkey.pem. In FMS we are being asked for a signed certificate, a private key and optionally an intermediate certificate. From the FMS dashboard, when I select privkey.pem it does not accept it, so I'm not sure what to do now.

I'd be happy to do this from the command-line too.

Has anyone else been doing this?

1 Like

I found what I was looking for. The Blue Feather Group have written a bash script which will create and install an SSL certificate. The script is on GitHub: FileMaker-LetsEncrypt-Mac/GetSSL.sh at 0e6799756d3a7bc034d18bffed96984f0d4467d7 · BlueFeatherGroup/FileMaker-LetsEncrypt-Mac · GitHub and you can give Blue Feather some SSO-love-juice by reading their article at Let's Encrypt SSL Certificates - Blue Feather. They have a similar script for Windows machines on GitHub and you'll find a video by them on YouTube.

I want to renew a certificate, so I only have to modify the bash script. At line 30 the script calls certbot to create a certificate. As of version 0.10.0, Certbot supports a renew action to check all installed certificates for impending expiry and attempt to renew them. The simplest form is simply, "certbot renew". There is plenty of extra information about this at: User Guide — Certbot 1.10.0.dev0 documentation

With that modification the script is probably suitable to be scheduled to run regularly using launchctl. A nice tweak would be to test the result from the call to certbot and only proceed when a new certificate is obtained.

5 Likes
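The tweak described in the post above, sketched as an added example (not part of the original post and not Blue Feather's script): run `certbot renew`, then re-import into FileMaker Server only if `cert.pem` actually changed. The domain path, the `CERTBOT`/`FMSADMIN` override variables and the function names are assumptions, and it assumes `fmsadmin` can authenticate non-interactively and that your FMS version accepts an unencrypted key file.

```shell
#!/bin/sh
# Added example: renew with certbot, import into FMS only when a new cert appears.
# Assumed values (not from the original post): LIVE_DIR and its domain name.
LIVE_DIR=${LIVE_DIR:-/etc/letsencrypt/live/fms.example.com}  # hypothetical domain
CERTBOT=${CERTBOT:-certbot}      # overridable so the logic can be tested offline
FMSADMIN=${FMSADMIN:-fmsadmin}

# Change detector for a file we control; prints nothing if the file is missing.
cert_id() {
    if [ -f "$1" ]; then cksum < "$1"; fi
}

# Returns 0 = new certificate imported, 1 = nothing to do, 2 = failure.
renew_and_import() {
    before=$(cert_id "$LIVE_DIR/cert.pem")
    "$CERTBOT" renew --quiet || { echo "certbot renew failed" >&2; return 2; }
    after=$(cert_id "$LIVE_DIR/cert.pem")
    [ -n "$after" ] || { echo "no cert.pem in $LIVE_DIR" >&2; return 2; }
    [ "$before" != "$after" ] || return 1   # unchanged: leave FMS alone

    # How certbot's files map to the terms FMS uses:
    #   cert.pem    -> signed certificate
    #   privkey.pem -> private key
    #   chain.pem   -> intermediate certificate
    "$FMSADMIN" certificate import "$LIVE_DIR/cert.pem" \
        --keyfile "$LIVE_DIR/privkey.pem" \
        --intermediateCA "$LIVE_DIR/chain.pem" -y || return 2
    echo "renewed certificate imported; restart FileMaker Server to load it"
    return 0
}

# Only act when called as: script.sh run  (e.g. from a scheduled job)
if [ "${1:-}" = "run" ]; then
    renew_and_import
    exit $?
fi
```

The live directory and `privkey.pem` are readable only by root by default, so the scheduled job has to run with matching privileges; keep the key's permissions as certbot set them rather than copying it somewhere looser.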

That's nice! 🙂