I'd love to update this to automatically reboot FMS safely in the middle of the night after updating the cert. We have it working nicely, except for the auto reboot, on several FMS servers.
Mac OS Install Instructions:
- Put LE_GetSSL.sh in MacHD/Users/Shared
- Edit LE_GetSSL.sh
- /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
- brew install certbot
- cd /Users/Shared
- sudo chmod 777 LE_GetSSL.sh
- sudo ./LE_GetSSL.sh
- In Terminal: sudo /bin/sh /Users/Shared/LE_GetSSL.sh
- To renew, run the terminal command and reboot FMS.
LE_GetSSL.sh file:
#!/bin/sh
# Created by: David Nahodyl, Blue Feather
# Contact: contact@bluefeathergroup.com
# Date: 5/7/2019
# Version: 0.4
# Need help? We can set this up to run on your server for you! Send an email to
# contact@bluefeathergroup.com or give a call at (770) 765-6258
# Change the domain variable to the domain/subdomain for which you would like
# an SSL Certificate
DOMAIN="foo.domain.com"
# Change the contact email address to your real email address so that Let's Encrypt
# can contact you if there are any problems
EMAIL="foo@domain.com"
# Enter the path to your FileMaker Server directory, ending in a slash
SERVER_PATH="/Library/FileMaker Server/"
FMADMIN="fmConsoleLogin"
FMPASS="fmConsolePassword"
#
# --- you shouldn't need to edit anything below this line
# --- spoiler: we did below on serverKey path
WEB_ROOT="${SERVER_PATH}HTTPServer/htdocs"
# Get the certificate; stop on failure so the existing certificate is not deleted below
certbot certonly --webroot -w "$WEB_ROOT" -d "$DOMAIN" --agree-tos -m "$EMAIL" --preferred-challenges "http" -n || exit 1
cp "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" "${SERVER_PATH}CStore/fullchain.pem"
cp "/etc/letsencrypt/live/${DOMAIN}/privkey.pem" "${SERVER_PATH}CStore/privkey.pem"
chmod 640 "${SERVER_PATH}CStore/privkey.pem"
# Move an old certificate, if there is one, to prevent an error
# changed to server.pem as that seems to be used by fm now instead
[ -f "${SERVER_PATH}CStore/server.pem" ] && mv "${SERVER_PATH}CStore/server.pem" "${SERVER_PATH}CStore/serverKey-old.pem"
# Remove the old certificate
fmsadmin certificate delete --yes -u "${FMADMIN}" -p "${FMPASS}"
# Install the certificate
fmsadmin certificate import "${SERVER_PATH}CStore/fullchain.pem" --keyfile "${SERVER_PATH}CStore/privkey.pem" -y -u "${FMADMIN}" -p "${FMPASS}"
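LE_GetSSL.sh holds the Admin Console login in FMADMIN/FMPASS and is run with sudo, so after `chmod 777` any local account can read the password or edit what root will execute. The preflight check below is an added example, not part of the original post or of the Blue Feather script; `check_script_perms` is a hypothetical helper name, and it assumes the script should be owned by root with mode 700.

```shell
#!/bin/sh
# Added example: check_script_perms is a hypothetical helper, not part of
# LE_GetSSL.sh. Call it before running the script with sudo, e.g.
#   check_script_perms /Users/Shared/LE_GetSSL.sh && sudo /bin/sh /Users/Shared/LE_GetSSL.sh

# Usage: check_script_perms FILE [EXPECTED_UID]
# Returns 0 only when FILE is a regular file (not a symlink), owned by
# EXPECTED_UID (default 0, i.e. root), with no group/other permission bits.
check_script_perms() {
    file=$1
    want_uid=${2:-0}

    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "refusing: $file is missing, a symlink, or not a regular file" >&2
        return 1
    fi

    # "ls -ldn" prints the mode string and numeric owner on macOS and Linux,
    # e.g. "-rwx------  1 0  0 ...". Characters 5-10 are the group/other bits.
    info=$(ls -ldn -- "$file" | awk 'NR == 1 { print substr($1, 5, 6) " " $3 }')
    bits=${info% *}
    uid=${info#* }

    if [ "$uid" != "$want_uid" ]; then
        echo "refusing: $file is owned by uid $uid, expected $want_uid" >&2
        return 1
    fi
    if [ "$bits" != "------" ]; then
        echo "refusing: $file grants group/other access ($bits); use chmod 700" >&2
        return 1
    fi
    return 0
}
```

A root-owned file at mode 700 still runs under `sudo ./LE_GetSSL.sh`, since root can read and execute it.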