Automatically renewing certs with macOS Server?

A Mac running the macOS Server software is managed with the Server app. So to renew my LetsEncrypt certificate on my Mac running macOS Server (latest version on macOS Sierra), I need to:

  • run certbot renew on my server
  • scp cert.pem and privkey.pem from the server to my desktop Mac
  • run the Server app and go into “Import a Certificate Identity”
  • drag cert.pem and privkey.pem into the window
  • change the pulldown menu to use the new certificate I just imported

Has anyone found a way to automate this, on a Mac? For example, where are the actual certificate files that the Mac server uses - maybe I could just overwrite them with a script?

The actual certificates are stored in a macOS-specific store. There's a long sudo security command to import them in this guide on the forum:
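An added example, not taken from the thread or from the guide it mentions: a certbot deploy hook that bundles the renewed files into a PKCS#12 identity and imports it into the system keychain with `security import`. It assumes certbot runs as root on the Mac itself, that the lineage directory holds certbot's usual cert.pem, privkey.pem and chain.pem, and that the system keychain is the target; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Use as: certbot renew --deploy-hook /path/to/this-script
# certbot sets RENEWED_LINEAGE to the renewed /etc/letsencrypt/live/<name> directory.

KEYCHAIN=/Library/Keychains/System.keychain   # assumption: import into the system keychain

# build_p12 LINEAGE_DIR OUT_FILE
# Bundle privkey.pem + cert.pem (+ chain.pem if present) into a PKCS#12 file,
# the format `security import` accepts for a certificate identity.
# The passphrase comes from $P12_PASS via env:, so it is not on openssl's command line.
build_p12() {
    lineage=$1; out=$2
    [ -r "$lineage/cert.pem" ] && [ -r "$lineage/privkey.pem" ] || return 1
    set -- -export -inkey "$lineage/privkey.pem" -in "$lineage/cert.pem" \
           -out "$out" -passout env:P12_PASS
    [ -r "$lineage/chain.pem" ] && set -- "$@" -certfile "$lineage/chain.pem"
    # umask 077: the bundle contains the private key, keep it owner-only
    ( umask 077; openssl pkcs12 "$@" )
}

# import_p12 P12_FILE
# `security import -P` takes the passphrase as an argument, so it is briefly
# visible in the process list; that is why deploy() uses a random one-time value.
# Key access control is left at the defaults here; `-T <app path>` grants a
# specific application access to the imported key.
import_p12() {
    security import "$1" -f pkcs12 -k "$KEYCHAIN" -P "$P12_PASS"
}

deploy() {
    tmp=$(mktemp -d "${TMPDIR:-/tmp}/le-p12.XXXXXX") || return 1
    trap 'rm -rf "$tmp"' EXIT                 # never leave the key bundle behind
    P12_PASS=$(openssl rand -hex 24); export P12_PASS
    build_p12 "$RENEWED_LINEAGE" "$tmp/identity.p12" &&
        import_p12 "$tmp/identity.p12"
}

# Only act when certbot invoked us as a deploy hook.
[ -z "${RENEWED_LINEAGE:-}" ] || deploy
```

This covers only the import; choosing the new certificate for services in the Server app is a separate step. If the bundle is built with OpenSSL 3.x, `security import` may reject its default encryption, in which case add `-legacy` to the `openssl pkcs12 -export` arguments.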

Great, thank you! I hadn’t found that guide. I’ll try it in two months. :smile:
