Automatically renewing certs with macOS Server?

bkendig · August 13, 2017, 12:36am

A Mac running the macOS Server software is managed with the Server app. So to renew my LetsEncrypt certificate on my Mac running macOS Server (latest version on macOS Sierra), I need to:

run certbot renew on my server
scp cert.pem and privkey.pem from the server to my desktop Mac
run the Server app and go into “Import a Certificate Identity”
drag cert.pem and privkey.pem into the window
change the pulldown menu to use the new certificate I just imported

Has anyone found a way to automate this, on a Mac? For example, where are the actual certificate files that the Mac server uses - maybe I could just overwrite them with a script?

Patches · August 13, 2017, 11:24am

The actual certificates are stored in a macOS specific store. There's a long sudo security command to import them in this guide on the forum:

bkendig · August 13, 2017, 3:28pm

Great, thank you! I hadn’t found that guide. I’ll try it in two months.

system · September 12, 2017, 3:28pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
macOS: duplicate certificates after renewal Server	1	1799	April 11, 2017
A script for cleanly installing/renewing letsencrypt certs on macOS Server Server	1	1190	February 1, 2019
Renewal works fine, but how do I get macOS to use new certificate instead of old? Help	6	1131	March 30, 2020
Problems importing certificate into MacOSX Server Server	3	741	January 31, 2019
Trouble Renewing Mac OS Server Certificate // Expired certificate - Need help Help	3	1905	May 22, 2020

Automatically renewing certs with macOS Server?

Related topics