Automatically renewing certs with macOS Server?

bkendig · August 13, 2017, 12:36am

A Mac running the macOS Server software is managed with the Server app. So to renew my LetsEncrypt certificate on my Mac running macOS Server (latest version on macOS Sierra), I need to:

run certbot renew on my server
scp cert.pem and privkey.pem from the server to my desktop Mac
run the Server app and go into “Import a Certificate Identity”
drag cert.pem and privkey.pem into the window
change the pulldown menu to use the new certificate I just imported

Has anyone found a way to automate this, on a Mac? For example, where are the actual certificate files that the Mac server uses - maybe I could just overwrite them with a script?

Patches · August 13, 2017, 11:24am

The actual certificates are stored in a macOS specific store. There's a long sudo security command to import them in this guide on the forum:

bkendig · August 13, 2017, 3:28pm

Great, thank you! I hadn’t found that guide. I’ll try it in two months.

system · September 12, 2017, 3:28pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.