Use of $free LetsEncrypt SSL certificates with FMS

As part of my road-testing of FMS19 for Linux, I decided to see if I could get it working with a free LetsEncrypt SSL Certificate. Here are my results :slight_smile:

  • FMS Admin Console - YES
  • Connection from FMPro 19 (Yes, Windows and Mac)
  • Connection from FMPro 18 (Yes, Windows and Mac)
  • Earlier versions of FMPro - not supported by FMS19 anyway
  • Filemaker Go 19 for iPhone on iOS 13.x - YES
  • Filemaker Go 18 for iPhone on iOS 13.x - YES
  • Earlier versions of Filemaker Go - not supported by FMS19 anyway

However :
WebDirect - not working yet. May not work at all.

If this is deemed worth pursuing, I can look into the different methods of automatically renewing them every 90 days (cause you don't get any points deploying a free SSL if it fails after only a few months).


Web Direct worked for us on Linux once you installed Java libraries.
There is a dialog for that coming up if you enable Web Direct.

1 Like

You can make it set-and-forget. A batch file calling certbot to renew the domains works nicely now. In earlier versions you had to make the renew request within the correct time frame. Nowadays, the renew request is politely ignored until it needs to be addressed. So you can have it running on a weekly schedule to handle all the domains on that server.


How about some nice instructions for a dummy on how to install LetsEncrypt it on FMS for Linux?


I would love instructions for dummies on Windows FMS as well.

That's good to know. Yes, I remember reading that the original idea was to issue a certificate for 90 days, and then submit a renewal request some time inbetween day 60 and day 90. Obviously they do not want their servers to be overwhelmed, like any API/gateway service., especially when it's free. Are you using the HTTP method, or the DNS CNAME method to do the verification?

I'd love to update this to automatically reboot FMS safely in the middle of the night after updating the cert. We have it working nicely, except for the auto reboot, on several FMS servers. :slight_smile:

Mac OS Install Instructions:

  • Put in MacHD/User/Shared
  • Edit
  • /usr/bin/ruby -e "$(curl -fsSL"
  • brew install certbot
  • cd /Users/Shared
  • sudo chmod 777
  • sudo ./
  • In Terminal: sudo /bin/sh /Users/Shared/
  • To renew, run the terminal command and reboot FMS. file:


# Created by: David Nahodyl, Blue Feather
# Contact:
# Date: 5/7/2019
# Version: 0.4

# Need help? We can set this up to run on your server for you! Send an email to 
# or give a call at (770) 765-6258

# Change the domain variable to the domain/subdomain for which you would like
# an SSL Certificate

# Change the contact email address to your real email address so that Let's Encrypt
# can contact you if there are any problems #>

# Enter the path to your FileMaker Server directory, ending in a slash 
SERVER_PATH="/Library/FileMaker Server/"


# --- you shouldn't need to edit anything below this line
# --- spoiler: we did below on serverKey path


# Get the certificate
certbot certonly --webroot -w "$WEB_ROOT" -d $DOMAIN --agree-tos -m "$EMAIL" --preferred-challenges "http" -n

cp "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" "${SERVER_PATH}CStore/fullchain.pem"
cp "/etc/letsencrypt/live/${DOMAIN}/privkey.pem" "${SERVER_PATH}CStore/privkey.pem"

chmod 640 "${SERVER_PATH}CStore/privkey.pem"

# Move an old certificate, if there is one, to prevent an error
# changed to server.pem as that seems to be used by fm now instead
mv "${SERVER_PATH}CStore/server.pem" "${SERVER_PATH}CStore/serverKey-old.pem"

# Remove the old certificate
fmsadmin certificate delete --yes -u ${FMADMIN} -p ${FMPASS}

# Install the certificate
fmsadmin certificate import "${SERVER_PATH}CStore/fullchain.pem" --keyfile "${SERVER_PATH}CStore/privkey.pem" -y -u ${FMADMIN} -p ${FMPASS}
1 Like

On the two servers that we're maintaining we are running nginx so we initially run a request from the command line. For renewals, everything is in cron on a weekly schedule.