Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
I ran this command: (CLI) $fmsadmin certificate import /Library/FileMaker\ Server/CStore/fullchain.pem --keyfile /Library/FileMaker\ Server/CStore/privkey.pem
It produced this output:
Either it works with no errors but the certificate expiration remains the same (expiring in a few days)
or
“Certificate not imported, alias <Let’s Encrypt Authority X3> already exists”
My web server is (include version):
The operating system my web server runs on is (include version): MacOS 10.13.3
My hosting provider, if applicable, is:
I can login to a root shell on my machine (yes or no, or I don’t know): Yes
I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No
Additional notes: The fullchain.pem & privkey.pem the above command line targets are fresh created certbot, to the best of my knowledge (current time stamp), but for some reason doesn’t update the expiration date.
It seems a few things have changed since last I did this.
Before I was running certbot (~/letsencrypt/certbot)
Now that’s a folder.
There’s a ~/letsencrypt/certbot-auto
Same thing?
Seem to have unraveled the solution. chain.pem was apparently not the problem / fullchain.pem is ok.
On my end there were two problems:
It’s necessary to remove the existing certificate. For whatever reason the step is not included in the FMS auto installer GetSSL.sh.
Because the GetSSL.sh didn’t properly work without that step, in the process of trouble-shooting I confused an older fulllchain.pem with a newer one.
b) For updates it’s missing the “remove existing step”: “sudo fmsadmin certificate delete”
Reference for this helpful nugget here: https://community.filemaker.com/thread/177142
I added it as a step in GetSSL.sh with some long sleeps before running the install.
c) Not running the commands with root privileges (sudo) seems to fail without warning.