Mac OS - Generate Lets Encrypt SSL Certificate
This is a guide on setting up free SSL certificate for Accessit Web App using Let’s Encrypt on Mac Servers. Generated certificates will also renew automatically.
Requirements:
- Accessit Web App must be available from the internet on port 80. Please see this article for more information: https://desk.zoho.com/portal/accessitsoftware/kb/articles/enabling-access-to-the-accessit-web-app-from-the-internet
- Domain name you wish to use for SSL certificate has to be assigned external IP and ideally also to internal IP of the Windows server/machine (Example: library.wellington.school.nz )
- Scripts for exporting certificate as .pfx. You can download them from: https://accessitsoftware.com/updates/reference/accessit-ssl-mac.zip
- Install Homebrew for Mac OS: https://brew.sh/
Steps:
1: Check external connection
Make sure that you can successfully load your Accessit Web App on port 80 from the internet.
In this guide we’ll be using http://library.accessit.online
If your Web App is using a different port externally (2000, 2001, 8080) then you’ll have to make changes in your Port Forwarding rules and Accessit Web App configuration. Details are available in: https://desk.zoho.com/portal/accessitsoftware/kb/articles/v9-change-web-app-port
You can also keep current port that is currently in use and specify additional connector in the server.xml file.
sudo nano /usr/local/accessit/tomee/conf/server.xml
Duplicate current <Connector entry and change port to 80.
Save the file and restart Accessit Web Service.
sudo launchctl unload /Library/LaunchDaemons/com.accessitsoftware.tomee.plist
sudo launchctl load /Library/LaunchDaemons/com.accessitsoftware.tomee.plist
2: Install Certbot
brew install letsencrypt
Unpack downloaded zip file ( https://accessitsoftware.com/updates/reference/accessit-ssl-mac.zip )
and save two scripts inside into /usr/local/accessit/Scripts folder. Then edit the accessit-ssl-export.sh file and update DOMAIN and PASSWORD variables. Domain must match publicly assigned domain.
3: Stop Accessit Web Service
sudo launchctl unload /Library/LaunchDaemons/com.accessitsoftware.tomee.plist
4: Generate Certificate
sudo certbot certonly –standalone
Follow the steps in certbot. At the end of the process, you should see Congratulations message.
5: Exporting
sudo /usr/local/accessit/Scripts/accessit-ssl-export.sh
Then go to C:\Program Files\Access-It Software\Accessit\tomee\conf folder and check if certificate was successfully generated.
If it’s there, then you can enable it in your Accessit Web App config (server.xml) by following steps in following article: https://desk.zoho.com/portal/accessitsoftware/kb/articles/v9-web-app-setting-up-https-ssl
5: Automatic Renewal
To setup automatic renewal of the Let's Encrypt certificate run this command:
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew --pre-hook '/usr/local/accessit/Scripts/accessit-web-stop.sh' --post-hook '/usr/local/accessit/Scripts/accessit-ssl-export.sh'" | sudo tee -a /etc/crontab > /dev/null
Related Articles
Windows - Generate Lets Encrypt SSL Certificate
This article discusses setting up a free SSL certificate for your Accessit Web App using Let’s Encrypt on Windows Servers. Generated certificates will also renew automatically. Requirements The Accessit Web App must be available from the internet on ...Moving servers from Mac Firebird SQL
How to move Accessit Library from one Firebird SQL server to another Firebird SQL MacOS Server. Prior to the server migration, first update the Access-It Management App to the latest build. You can download the updates through Library Setup -> ...