Mac OS - Generate Lets Encrypt SSL Certificate

Mac OS - Generate Lets Encrypt SSL Certificate

 

This is a guide on setting up free SSL certificate for Accessit Web App using Let’s Encrypt on Mac Servers. Generated certificates will also renew automatically. 


 Requirements: 


  1. Accessit Web App must be available from the internet on port 80. Please see this article for more information: https://desk.zoho.com/portal/accessitsoftware/kb/articles/enabling-access-to-the-accessit-web-app-from-the-internet 
  2. Domain name you wish to use for SSL certificate has to be assigned external IP and ideally also to internal IP of the Windows server/machine (Example: library.wellington.school.nz ) 
  3. Scripts for exporting certificate as .pfx. You can download them from: https://accessitsoftware.com/updates/reference/accessit-ssl-mac.zip 
  4. Install Homebrew for Mac OS: https://brew.sh/ 

Steps: 


1: Check external connection

Make sure that you can successfully load your Accessit Web App on port 80 from the internet. 
In this guide we’ll be using http://library.accessit.online 


 


If your Web App is using a different port externally (2000, 2001, 8080) then you’ll have to make changes in your Port Forwarding rules and Accessit Web App configuration.  Details are available in: https://desk.zoho.com/portal/accessitsoftware/kb/articles/v9-change-web-app-port 


You can also keep current port that is currently in use and specify additional connector in the server.xml file.  

sudo nano /usr/local/accessit/tomee/conf/server.xml 

Duplicate current <Connector entry and change port to 80. 

 

Save the file and restart Accessit Web Service. 

sudo launchctl unload /Library/LaunchDaemons/com.accessitsoftware.tomee.plist 

sudo launchctl load /Library/LaunchDaemons/com.accessitsoftware.tomee.plist 


2: Install Certbot

Make sure that you have Homebrew installed and then install certbot 


brew install letsencrypt 


Unpack downloaded zip file ( https://accessitsoftware.com/updates/reference/accessit-ssl-mac.zip )  
and save two scripts inside into /usr/local/accessit/Scripts folder. Then edit the accessit-ssl-export.sh file and update DOMAIN and PASSWORD variables. Domain must match publicly assigned domain. 


 
 

3: Stop Accessit Web Service

sudo launchctl unload /Library/LaunchDaemons/com.accessitsoftware.tomee.plist 


4: Generate Certificate

sudo certbot certonly –standalone 


Follow the steps in certbot. At the end of the process, you should see Congratulations message. 


5: Exporting

Export the certificate in the .pfx format by running: 

sudo /usr/local/accessit/Scripts/accessit-ssl-export.sh  

 
Then go to C:\Program Files\Access-It Software\Accessit\tomee\conf folder and check if certificate was successfully generated. 
 
If it’s there, then you can enable it in your Accessit Web App config (server.xml) by following steps in following article: https://desk.zoho.com/portal/accessitsoftware/kb/articles/v9-web-app-setting-up-https-ssl 


5: Automatic Renewal

To setup automatic renewal of the Let's Encrypt certificate run this command: 


echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --pre-hook '/usr/local/accessit/Scripts/accessit-web-stop.sh' --post-hook '/usr/local/accessit/Scripts/accessit-ssl-export.sh'" | sudo tee -a /etc/crontab > /dev/null 

    • Related Articles

    • Windows - Generate Lets Encrypt SSL Certificate

      This article discusses setting up a free SSL certificate for your Accessit Web App using Let’s Encrypt on Windows Servers. Generated certificates will also renew automatically. Requirements The Accessit Web App must be available from the internet on ...
    • Moving servers from Mac Firebird SQL

      How to move Accessit Library from one Firebird SQL server to another Firebird SQL MacOS Server. Prior to the server migration, first update the Access-It Management App to the latest build. You can download the updates through Library Setup -> ...