This requires Homebrew (available at http://brew.sh/)
Install and Set Up LetsEncrypt (Certbot)
brew update
sudo mkdir /etc/letsencrypt
sudo mkdir /var/lib/letsencrypt
sudo mkdir /var/log/letsencrypt
brew install letsencrypt
Create a Certificate:
sudo letsencrypt certonly --webroot -w /Library/Server/Web/Data/Sites/SiteRootDirectory -d pretendco.com -d www.pretendco.com
Convert and Import for Server.app
Save the following as a file on your server. It is a bash script that converts the certificate to PKCS#12 (.p12), imports it into Keychain Access, and makes it available to Server.app.
#!/bin/bash
RED='\033[0;31m'
YELLOW='\033[0;33m'
NC='\033[0m' # No Color
# Must run as root: reads /etc/letsencrypt/live and writes to the System keychain
if [[ $UID != 0 ]]; then
    echo "Please run this script with sudo:"
    echo "sudo $0 $*"
    exit 1
fi
read -r -p "Type the domain name you would like to import (example.com), followed by [ENTER]: " thedomain
LIVE_DIR="/etc/letsencrypt/live/$thedomain"
# Generate a random 32-character alphanumeric string (upper and lowercase)
TEMP_PASS=$(cat /dev/urandom | env LC_CTYPE=C tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)
# printf %b expands the \n and color escapes; plain echo in bash prints them literally
printf '%b' "\n\n${YELLOW}Temp password created for import to Keychain Access: ${RED}${TEMP_PASS}${NC}\n\n"
read -p "Export the $thedomain LetsEncrypt Cert to Keychain Access Format (.p12) [Y or N]: " -n 1 -r
echo # (optional) move to a new line
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    exit 1
fi
# No eval, and every expansion is quoted, so the typed domain name is never re-parsed as shell code
openssl pkcs12 -export -inkey "$LIVE_DIR/privkey.pem" -in "$LIVE_DIR/cert.pem" -certfile "$LIVE_DIR/fullchain.pem" -out "$LIVE_DIR/letsencrypt_sslcert.p12" -passout "pass:$TEMP_PASS"
read -p "Import the $thedomain LetsEncrypt Cert to Keychain Access [Y or N]: " -n 1 -r
echo # (optional) move to a new line
if [[ ! $REPLY =~ ^[Yy]$ ]]; then
    exit 1
fi
# -T lets servermgrd (Server.app's management daemon) use the imported private key
security import "$LIVE_DIR/letsencrypt_sslcert.p12" -f pkcs12 -k /Library/Keychains/System.keychain -P "$TEMP_PASS" -T /Applications/Server.app/Contents/ServerRoot/System/Library/CoreServices/ServerManagerDaemon.bundle/Contents/MacOS/servermgrd
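The import script runs as root and builds file paths from a name typed at a prompt. The following is an added example, not part of the original script, that checks the name and the certificate files before anything is exported. The helper names valid_domain and check_lineage are hypothetical, and the optional second argument exists only so the check can be exercised outside /etc/letsencrypt.

```shell
#!/bin/sh
# Added example: pre-flight checks for the import script (hypothetical helper names).

# valid_domain NAME -> 0 if NAME is a plain multi-label DNS hostname, 1 otherwise.
valid_domain() (
    LC_ALL=C                             # byte-exact A-Z / a-z ranges
    d=$1
    [ -n "$d" ] && [ "${#d}" -le 253 ] || exit 1
    case $d in
        *[!A-Za-z0-9.-]*) exit 1 ;;      # '/', spaces, ';', '$', quotes, ...
        .*|*.|*..*)       exit 1 ;;      # empty label
        -*|*-|*.-*|*-.*)  exit 1 ;;      # label starts or ends with '-'
        *.*)              ;;             # at least two labels: keep checking
        *)                exit 1 ;;      # single label such as "localhost"
    esac
    IFS=.
    for label in $d; do                  # split on dots; no glob characters can remain
        [ "${#label}" -le 63 ] || exit 1
    done
    exit 0
)

# check_lineage NAME [LIVE_ROOT]
# Exit status: 0 ok, 2 bad name, 3 missing or empty PEM file, 4 private key too open.
check_lineage() (
    domain=$1
    root=${2:-/etc/letsencrypt/live}     # second argument is an assumption, for testing
    valid_domain "$domain" || { echo "refusing domain name: not a hostname" >&2; exit 2; }
    dir=$root/$domain
    for f in privkey.pem cert.pem fullchain.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; exit 3; }
    done
    # Mode string looks like -rw-------; columns 5-10 are the group and other bits.
    # -L follows the symlink that certbot keeps in live/ to the real key file.
    mode=$(ls -lLd "$dir/privkey.pem" | cut -c5-10)
    # Strict policy chosen for this example: the key file itself must be owner-only.
    [ "$mode" = "------" ] || { echo "privkey.pem is accessible to group/other" >&2; exit 4; }
    exit 0
)

# Usage inside the import script, right after the domain prompt:
#   check_lineage "$thedomain" || exit 1
```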
Choose the Cert in Server.app
- Quit Server.app if open
- Open Server.app
- Go to Websites
- Select your site and click the Edit button
- Choose your LetsEncrypt certificate
- Click OK