FileMaker Server 18 - Letsencrypt

Mai 25, 2019 Kladde

Den FileMaker Server auf dem Mac mit einem Zertifikat von Letsencrypt absichern. Zuletzt getestet mit FileMaker Server 18 auf einem Mac mini mit macOS Mojave 10.14.6.

ist momentan noch jedesmal per Hand zu erneuern, diese Seite wird noch ergänzt

Installation

Homebrew installieren

# /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

certbot installieren

# brew install certbot

zum Webroot linken

# cd /Library/WebServer
# sudo ln -s /Library/FileMaker\ Server/HTTPServer/htdocs/

Cert holen, webroot ist: /Library/WebServer/htdocs

# sudo certbot certonly --webroot -d fm.comodin.com --agree-tos -m fm@comodin.com --preferred-challenges "http"
    Password:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for fm.comodin.com
Input the webroot for fm.comodin.com: (Enter 'c' to cancel): /Library/WebServer/htdocs
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/fm.comodin.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/fm.comodin.com/privkey.pem
   Your cert will expire on 2019-08-21. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Certs für Filemaker kopieren

# sudo cp /etc/letsencrypt/live/fm.comodin.com/privkey.pem /Library/FileMaker\ Server/CStore/privkey.pem
# sudo cp /etc/letsencrypt/live/fm.comodin.com/fullchain.pem /Library/FileMaker\ Server/CStore/fullchain.pem

Rechte anpassen, damit das Webinderface der admin-console das Cert sehen kann.

# sudo chmod 644 /Library/FileMaker\ Server/CStore/privkey.pem

fertig

Server neustarten, am besten den ganzen Mac.

Wartung

cert prüfen

$ sudo certbot certificates
Password:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: fm.comodin.com
    Domains: fm.comodin.com
    Expiry Date: 2020-09-18 03:34:24+00:00 (VALID: 81 days)
    Certificate Path: /etc/letsencrypt/live/fm.comodin.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/fm.comodin.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

erneuern

# sudo certbot renew
Password:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/fm.comodin.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator standalone, Installer None
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for fm.comodin.com
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/fm.comodin.com/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/fm.comodin.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -