How to Install LetsEncrypt Certificates with AMPSS on an iMac


#1

Hello. I have been successfully using LetsEncrypt certificates with MAMP PRO on my iMac for quite a while now. It’s a bit of a strange setup, but it works.

However, I am in process of switching from MAMP PRO to AMPPS on my iMac.

Currently, I am trying to enable SSL on my new AMPPS server using my LetsEncrypt certificates. I found some online information which pointed me to AMPSS/apache/conf in my “Applications” folder. Thus, I have located the following folders in the AMPPS apache/conf folder:

ssl_crl
ssl_crt
ssl_csr
ssl_key

In the “ssl_crt” folder, there are three files:

mydomain.com.crt
localhost.crt
server.crt

The “ssl_crl” folder is empty.

Finally, the “ssl_csr” folder contains these three files:

mydomain.com.csr
localhost.csr
server.csr

And in the “ssl_key” folder, there are also three files:

mydomain.com.key
localhost.key
server.key

Obviously, the ones that say “mydomain” above, actually have my real domain name. :slight_smile:

Assuming that this is the right place to put the certificates – that is, copies of them – my three-part question is the following. I have the following four certificate and key files issued to me by LetsEncrypt, which I renew via the Terminal app every three months:

cert1.crt
chain1.crt
fullchain1.crt
privkey1.key

It is my understanding that I only need to be concerned about where to put the last two files, although I could be mistaken.

So my first question is this:

Which file goes in which of the above-named four folders?

My second question is this:

Do I need to rename these files so that AMPPS recognizes them as valid certificate and key files?

My third question is this:

I am assuming that I am going to have to edit some conf files somewhere. Can you please tell me which ones, and exactly how to edit them?

If there is an even easier way to do this – such as somehow just pointing my server to “private/etc/letsencrypt” – I’d love to hear about it.

Thank you so much. I hope to hear from someone here soon.


#2

Gosh . . . over two weeks since I first posted this message, and still no reply from anyone? Am I to believe that out of the thousands of LetsEncrypt users, no one else here uses AMPPS, or has successfully installed LetsEncrypt certificates in a Mac OS X AMPPS setup? :frowning:


#3

Hi,

Please at least provide us a few things:

  1. Links to AMPPS Website
  2. Did you try to obtain a certificate from let’s encrypt?
  3. Have you tried to create a symbolic link that links let’s encrypt certs / keys / ca-chains to the file location?

Without any documentation from AMPPS… i’m having trouble answer your questions…
Also, it depends on how you setup AMPPS from your side (e.g. did you specify a chain file? a certificate file? or just the full chain? Does AMPPS accept .pem instead of .crt & .key?)

Thank you


#4

I had personally never heard of “AMPPS” before.

Probably the fullchain is the ssl_crt, the privkey is the ssl_key, and the crl and csr are irrelevant. In each case I would assume that you want the mydomain.com file to point to the associated Certbot-created file (that is, mydomain.com.key should point to privkey.pem and mydomain.com.crt should point to fullchain.pem).

You can probably use symbolic links pointing to the Certbot symbolic links, which I would expect would be in /etc/letsencrypt/live/mydomain.com; that is, mydomain.com.key could be a symbolic link to /etc/letsencrypt/live/mydomain.com/privkey.pem and mydomain.com.crt could be a symbolic link to /etc/letsencrypt/live/mydomain.com/fullchain.pem.

This is assuming that you want to replace your existing certificates in-place rather than editing your Apache configuration to refer to the Certbot-created files directly.


#5

Thank you Seth. I will give it a shot and see how it goes.


#6

Hello Steven. Thanks for your response. To answer your questions:

  1. https://www.ampps.com/

  2. Actually, as I noted in my original post above, I ALREADY have all necessary certificates from LetsEncrypt. In fact, I have been renewing them via the Terminal app every 90 days for quite a while now. However, that has been to use them in MAMP PRO. But lately, I have been trying to switch to AMPPS.

The problem is that the AMPPS certificate setup is substantially different from MAMP PRO, I have found no online documentation regarding how to set it up, and the AMPPS developers have not even responded to my inquiry in their support forum in a few weeks now. Their lack of support does not give me much confidence.

  1. No I haven’t tried symbolic links, or anything for that matter, the reason being — as I explain in my original post — that there are THREE files in each of the certificate folders, and I am not sure which one of the three I am supposed to use in each folder, whether or not I need to rename my LetsEncrypt files, etc. Lack of the right answers to these questions has prevented me from proceeding forward with this.

  2. As I said, I haven’t specified any files yet, because I am not sure which ones to choose in each of the folders.

  3. I have no idea whether or not AMPPS accepts .pem files. If it is like MAMP PRO, I suspect that it does not. With MAMP PRO I had to not only rename the files to .crt and .key, but I also had to make copies of the originals — from the “live” or “archived” folder, as I recall – and create a new folder in the LetsEncrypt directory.

I kept trying to make symbolic links, but Mac OS X kept making aliases instead, which did not work.

To make matters worse, apparently, in the most recent releases of their MAMP PRO software — 4.5 to 5.0.3 – Appsolute has made it impossible for MAMP PRO to view the invisible files in etc or anywhere else. So I was forced to use their new location which uses visible files inside the MAMP folder itself. But at least it works.

While I would really like to get SSL working in AMPPS, so that I can use it as a my main or backup server setup, for now, I finally got MAMP PRO working properly again, so I have switched back to MAMP PRO, and the certificates are working fine in it, as they have been for many months now.


#7

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.