Hi ChristopherRaymond,
Thanks for posting this walkthrough, it's been very helpful getting Let's Encrypt working on my Mac Server running 10.11.6 and Server.App 5.1.7. I just had a couple of quick questions.
First, when it comes to renewal time, does the renewed cert need to be manually imported into the Server app via the terminal each time, or will it automatically detect the renewal after running
certbot renew --quiet
Have you put together any scripts to handle renewal that you might be willing to share?
Second, have you had any success with a reverse proxy setup? I have two HTTP reverse proxies set up based on the instructions at Precursor Systems OS X Server 5 Reverse Proxy. I've gotten your instructions to work with the main domain and www, but when I try to use it to provide certs with my two other subdomains (sub1 on the same server and sub2 on another server on the local network), I'm getting the following error:
IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: sub1.example.com
   Type: connection
   Detail: Could not connect to http://sub1.example.com/.well-known/acme-challenge/CkNKHFlhIiedd9wTgsjNcjXigaT2XmlFr3VmS8rZ0r0

   Domain: sub2.example.com
   Type: connection
   Detail: Could not connect to http://sub2.example.com/.well-known/acme-challenge/EWhvY-IE_n5FvTDZJkk1r1s3A55sEQwRc5dNg83dQlo

   To fix these errors, please make sure that your domain name was entered correctly and the DNS A record(s) for that domain contain(s) the right IP address. Additionally, please check that your computer has a publicly routable IP address and that no firewalls are preventing the server from communicating with the client. If you're using the webroot plugin, you should also verify that you are serving files from the webroot path you provided.
Would you happen to have any suggestions? Thanks in advance!