Mac OS - Generate Lets Encrypt SSL Certificate
This is a guide on setting up free SSL certificate for Accessit Web App using Let’s Encrypt on Mac Servers. Generated certificates will also renew automatically.
Requirements:
- Accessit Web App must be available from the internet on port 80. Please see this article for more information: https://desk.zoho.com/portal/accessitsoftware/kb/articles/enabling-access-to-the-accessit-web-app-from-the-internet
- Domain name you wish to use for SSL certificate has to be assigned external IP and ideally also to internal IP of the Windows server/machine (Example: library.wellington.school.nz )
- Scripts for exporting certificate as .pfx. You can download them from: https://accessitsoftware.com/updates/reference/accessit-ssl-mac.zip
- Install Homebrew for Mac OS: https://brew.sh/
Steps:
1: Check external connection
Make sure that you can successfully load your Accessit Web App on port 80 from the internet.
In this guide we’ll be using http://library.accessit.online
If your Web App is using a different port externally (2000, 2001, 8080) then you’ll have to make changes in your Port Forwarding rules and Accessit Web App configuration. Details are available in: https://desk.zoho.com/portal/accessitsoftware/kb/articles/v9-change-web-app-port
You can also keep current port that is currently in use and specify additional connector in the server.xml file.
sudo nano /usr/local/accessit/tomee/conf/server.xml
Duplicate current <Connector entry and change port to 80.
Save the file and restart Accessit Web Service.
sudo launchctl unload /Library/LaunchDaemons/com.accessitsoftware.tomee.plist
sudo launchctl load /Library/LaunchDaemons/com.accessitsoftware.tomee.plist
2: Install Certbot
brew install letsencrypt
Unpack downloaded zip file ( https://accessitsoftware.com/updates/reference/accessit-ssl-mac.zip )
and save two scripts inside into /usr/local/accessit/Scripts folder. Then edit the accessit-ssl-export.sh file and update DOMAIN and PASSWORD variables. Domain must match publicly assigned domain.
3: Stop Accessit Web Service
sudo launchctl unload /Library/LaunchDaemons/com.accessitsoftware.tomee.plist
4: Generate Certificate
sudo certbot certonly –standalone
Follow the steps in certbot. At the end of the process, you should see Congratulations message.
5: Exporting
sudo /usr/local/accessit/Scripts/accessit-ssl-export.sh
Then go to C:\Program Files\Access-It Software\Accessit\tomee\conf folder and check if certificate was successfully generated.
If it’s there, then you can enable it in your Accessit Web App config (server.xml) by following steps in following article: https://desk.zoho.com/portal/accessitsoftware/kb/articles/v9-web-app-setting-up-https-ssl
5: Automatic Renewal
To setup automatic renewal of the Let's Encrypt certificate run this command:
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --pre-hook '/usr/local/accessit/Scripts/accessit-web-stop.sh' --post-hook '/usr/local/accessit/Scripts/accessit-ssl-export.sh'" | sudo tee -a /etc/crontab > /dev/null
Related Articles
Windows - Generate Lets Encrypt SSL Certificate
This is a guide on setting up free SSL certificate for Accessit Web App using Let’s Encrypt on Windows Servers. Generated certificates will also renew automatically. Requirements: Accessit Web App must be available from the internet on port 80. ...V9 Moving Servers - Mac Firebird SQL
Here is a quick guide on how to move Accessit Library from one Firebird SQL server to another (presumably newer) Firebird SQL MacOS Server. Prior to the server migration, first update the Access-It Management App to the latest build. You can download ...New Features Summary 9.2.9
Management App New: Option to change letter measurements The ability to switch between metric & imperial measurement systems has been added for Correspondence editor and Advanced labels. This can be changed in Library Setup > Campus Setup > Report ...