FileMaker Server - Trouble Renewing

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: db.trillionpictures.com

I ran this command: (CLI) $fmsadmin certificate import /Library/FileMaker\ Server/CStore/fullchain.pem --keyfile /Library/FileMaker\ Server/CStore/privkey.pem

It produced this output:
Either it works with no errors but the certificate expiration remains the same (expiring in a few days)
or
“Certificate not imported, alias <Let’s Encrypt Authority X3> already exists”

My web server is (include version):

The operating system my web server runs on is (include version): MacOS 10.13.3

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Additional notes: The fullchain.pem & privkey.pem the above command line targets are fresh created certbot, to the best of my knowledge (current time stamp), but for some reason doesn’t update the expiration date.

Hi,

did you try to restart the server (after certificate import)?

Thank you

Restarted the server and the machine multiple times. Just tried again, to be sure.
Same issue.

It seems a few things have changed since last I did this.
Before I was running certbot (~/letsencrypt/certbot)
Now that’s a folder.
There’s a ~/letsencrypt/certbot-auto
Same thing?

According to their documentation you need to use cert.pem and chain.pem instead of fullchain.pem, as follows:

fmsadmin certificate import cert.pem --keyfile privkey.pem --IntermediateCA chain.pem

https://support.filemaker.com/s/answerview?language=en_US&anum=14176

Edited from an almost correct guess after I read the manual

1 Like

Seem to have unraveled the solution. chain.pem was apparently not the problem / fullchain.pem is ok.

On my end there were two problems:

  1. It’s necessary to remove the existing certificate. For whatever reason the step is not included in the FMS auto installer GetSSL.sh.
  2. Because the GetSSL.sh didn’t properly work without that step, in the process of trouble-shooting I confused an older fulllchain.pem with a newer one.

In more detail:

a) GetSSL.sh is helpful for seeing MacOS CLI install steps one by one. I’ve had success using it to execute a first-time install. Get it here: https://bluefeathergroup.com/blog/lets-encrypt-ssl-certificates-for-filemaker-server-for-mac/ (for Windows: https://bluefeathergroup.com/blog/how-to-use-lets-encrypt-ssl-certificates-with-filemaker-server). If you run it, do so with root privileges: “sudo GetSSL.sh”, but it’s perhaps for valuable as a reference.

b) For updates it’s missing the “remove existing step”: “sudo fmsadmin certificate delete”
Reference for this helpful nugget here: https://community.filemaker.com/thread/177142
I added it as a step in GetSSL.sh with some long sleeps before running the install.

c) Not running the commands with root privileges (sudo) seems to fail without warning.

Hope that’s helpful

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.