Problems importing certificate into MacOSX Server


#1

A few months ago, I came here asking how I should go about renewing a certificate. With the errors I was getting, I was told to just get a new certificate. This worked fine for a few months, and I went through 3-4 different certificates without any problems. However, now there appears to have been an update to certbot, and the certificates generated by the same command are different.

Before, 6 files were generated:
cert.pem
chain.pem
fullchain.pem
privkey.pem
letsencrypt_sslcert.p12
README

Now, the same files are generated, excluding the ‘letsencrypt_sslcert.p12’ one.

Before, I was able to successfully import my certificate into MacOSX server by importing ‘privkey.pem’. However, now, this does nothing. No matter what I import, there are no errors, messages, or dialogs.

I’ve tried restarting MacOSX Server, which did nothing, in addition to deleting the certificate and regenerating another.

This is the command I used to generate the certificates (keep in mind that this command worked multiple times before): sudo certbot certonly --manual --preferred-challenges http

I’m running Server 5.2, on MacOSX El Capitan (10.11.6)

My domain is cvprogramming.tk


#2

I’m not familiar with a certbot parameter that can create the p12 file automatically.
I do know that you can create such files using other tools (like OpenSSL); and that you can also automate that creation using a --deploy-hook parameter to call the program that will create the file for you.


#3

The letsencrypt_sslcert.p12 file has never been one created directly by any version of Certbot. I’m absolutely positive of that because I wrote the first version of the code that creates the four files cert.pem, chain.pem, fullchain.pem, privkey.pem and have been working on the project ever since then.

There seem to be a couple of tutorials on Certbot for macOS that suggest using that filename:

https://duckduckgo.com/?q=“letsencrypt_sslcert.p12”

(I assume that different people’s tips may have ended up with the same filename by copying suggested commands from one another.)

It’s possible that you had some kind of script (like a deploy-hook script which @rg305 mentions) which used to automatically update this file for you, and perhaps, if so, that script is no longer being run automatically.

Could you try looking at some of these tutorials to see if any of them refresh your memory about whether you may have done some additional p12-related setup either at the very beginning or periodically when renewing your certificates? (They should also include some helpful commands if you do want to recreate the updated p12 file yourself right now.)
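
Posts #2 and #3 point to OpenSSL and a --deploy-hook script as the way to produce the p12 file. The following is an added example, not part of the thread and not Certbot's own code: a hook that rebuilds the bundle from the PEM files Certbot writes. The P12_OUT and P12_PASS_FILE variables, the passphrase file path and the default output location are assumptions of the example.

```shell
#!/bin/sh
# Added example: certbot deploy hook that rebuilds a PKCS#12 bundle.
# Certbot sets RENEWED_LINEAGE to the directory of the renewed certificate.
# P12_OUT, P12_PASS_FILE and their defaults are assumptions of this example.

make_p12() {
    lineage=$1      # directory holding privkey.pem, cert.pem, chain.pem
    out=$2          # PKCS#12 file to write
    passfile=$3     # file whose first line is the export passphrase

    for f in "$lineage/privkey.pem" "$lineage/cert.pem" \
             "$lineage/chain.pem" "$passfile"; do
        [ -r "$f" ] || { echo "make_p12: cannot read $f" >&2; return 2; }
    done

    # The bundle contains the private key: keep it owner-only, and build it
    # in a temp file so a failed export never replaces a good bundle.
    tmp=$(umask 077; mktemp "$out.XXXXXX") || return 1
    if openssl pkcs12 -export \
            -inkey "$lineage/privkey.pem" \
            -in "$lineage/cert.pem" \
            -certfile "$lineage/chain.pem" \
            -passout "file:$passfile" \
            -out "$tmp"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# When certbot runs this file as a deploy hook, RENEWED_LINEAGE is set.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    make_p12 "$RENEWED_LINEAGE" \
        "${P12_OUT:-$RENEWED_LINEAGE/letsencrypt_sslcert.p12}" \
        "${P12_PASS_FILE:-/etc/letsencrypt/p12-pass.txt}" || exit 1
fi
```

Pass the script's path to certbot's --deploy-hook option so it runs after each successful issuance. The passphrase is read from a file rather than given on the command line, so it does not show up in the process list.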