Submit .pem files

jgorman · March 13, 2020, 9:26pm

Hi,

Is there a way to submit the serverKey.pem and serverRequest.pem files to get a certificate? No certbot involved?

_az · March 13, 2020, 9:33pm

You should never disclose serverKey.pem to anybody at all (not even Let’s Encrypt), the security of your certificate depends on it.

The idea in a CSR (serverRequest.pem) is that it proves you have control of the private key (serverKey.pem) while keeping it entirely private.

Anyway, sure. You can use web-based tools like https://zerossl.com/free-ssl/#crt to submit your CSR and receive a certificate in exchange. You would copy the contents of serverRequest.pem into the text box that says “Paste your CSR or leave it blank to generate.”.

Needless to say, you will have to repeat the process every 60-90 days, by hand.

jgorman · March 13, 2020, 9:46pm

Hi,

Thanks for the education about the serverkey.pem. I want to get a certificate that wont require constant manual renewal. Is there any way to do that?

Thank You,
Jeff

9peppe · March 13, 2020, 9:52pm

Of course.

Choose one of the many available clients and set it up for autorenewal:

Osiris · March 13, 2020, 9:57pm

Short answer: yes, in general it is possible.

Long answer: we need a lot more information about your setup to answer that question with more detail. We don't have crystal balls in which we magically can get every bit of information we need. For that we need you to provide us with that information. If full automation is possible depends on the software and hardware used et cetera.

jgorman · March 13, 2020, 10:14pm

Hi All,

Thanks again for your help. I’m new to this. I need a few certs for different things. The one I am asking about is to use with FileMaker server. It has a command line that generates it’s pem files. I want to use the pem to get a crt that will auto renew and insert it into filemaker.

Thank You,
Jeff

_az · March 13, 2020, 10:40pm

You will need to look for what other people have done for FileMaker + automatic Let’s Encrypt renewal.

Here is one example blog post, for FileMaker running on macOS + Certbot + a custom renewal script: https://bluefeathergroup.com/blog/lets-encrypt-ssl-certificates-for-filemaker-server-for-mac/

From what I can see, the custom renewal script should renew your certificate and automatically restart FileMaker. Perhaps try following along with the blog post and see how far you can get.

jgorman · March 13, 2020, 10:56pm

Nice. Will do.
Thank You,
Jeff

system · April 12, 2020, 10:56pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.