Interesting but far too complex for me


First of all, congratulations on the project.

I have a small network that includes a Mac OSX system that provides services such as email using Apple OSX server 5. By default the system generates its own self-signed certificates in /etc/certificates that are used by all services. I figured that having Let's Encrypt certificates would mean that I could have proper validated certificates to get rid of those annoying untrusted certificate warnings when first connecting to the server. Also, it would potentially allow me to use TLS on the postfix mail server for incoming mail requests for more secure mail.

Trouble is, despite searching and reading all the posts about OSX, I just found myself confounded and gave up. The reason I use OSX server is simplicity. The server app is very basic and limited but is simple to use, but as my needs are modest it does the job adequately. Currently the easiest way to do this is to go to the server app, generate a CSR and hop over to StartSSL to collect a free cert. The downside being that every year it needs renewing.

I am attracted by the idea of having auto-renewing certificates but the barrier to lazy idiots like me is just too high. As far as I can see there is no easy way to set up a way of getting new certificates in /etc/certificates and having them automatically renew. I'm not totally averse to using the command line to get set up but I just couldn't do it.

Wishing you all the best with the idea. I hope someone with the knowledge and skills is able to come up with an easily workable solution for dummy Mac users like me. I shall be watching with interest but for now it is way over my head.


Working on it. Hang tight. :wink:

In the meantime, you could use lego with cron and move the certificates to where you need them.
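
One way to handle the "move the certificates to where you need them" step from the reply above, as an added example that is not part of the thread or of lego itself. It assumes lego's output layout of `<path>/certificates/<domain>.crt` and `<domain>.key`; the function name `deploy_cert`, the directories and the hostname are hypothetical, and the file names OS X Server expects in /etc/certificates are not covered here.

```shell
#!/bin/sh
# Added example: run from cron after lego's renew step.
# Assumption: lego wrote <SRC_DIR>/<DOMAIN>.crt and <SRC_DIR>/<DOMAIN>.key.
# SRC_DIR, DEST_DIR and DOMAIN are placeholders supplied by the caller.

# deploy_cert SRC_DIR DEST_DIR DOMAIN
# Returns 0 when files were installed, 1 when nothing changed, 2 on error.
deploy_cert() {
    src=$1; dest=$2; domain=$3
    crt="$src/$domain.crt"; key="$src/$domain.key"

    # Refuse to deploy if either file is missing or empty.
    if [ ! -s "$crt" ] || [ ! -s "$key" ]; then
        echo "missing certificate or key for $domain" >&2
        return 2
    fi

    # Skip the copy (and any service reload) when nothing was renewed.
    if cmp -s "$crt" "$dest/$domain.crt" 2>/dev/null &&
       cmp -s "$key" "$dest/$domain.key" 2>/dev/null; then
        return 1
    fi

    mkdir -p "$dest" || return 2
    # Copy under temporary names with the final permissions, then rename,
    # so a service never reads a half-written file and the private key is
    # never world-readable, not even briefly.
    (
        umask 077
        cp "$key" "$dest/.$domain.key.tmp" && chmod 600 "$dest/.$domain.key.tmp" &&
        cp "$crt" "$dest/.$domain.crt.tmp" && chmod 644 "$dest/.$domain.crt.tmp" &&
        mv "$dest/.$domain.key.tmp" "$dest/$domain.key" &&
        mv "$dest/.$domain.crt.tmp" "$dest/$domain.crt"
    ) || return 2
    return 0
}

# Stand-alone use: deploy.sh SRC_DIR DEST_DIR DOMAIN
if [ "$#" -eq 3 ]; then
    deploy_cert "$@"
fi
```

A return value of 0 is the signal to reload whichever services read the certificate; 1 means the deployed copies were already current.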