MAMP Pro: Let's Encrypt SSL Certificates (Create / Install / Usage) - Mac OS X
Posted: Fri Jan 22, 2021 9:57 pm
Let's Encrypt is a free, automated, and open Certificate Authority (CA) brought to you by the non-profit Internet Security Research Group (ISRG). Several MAMP / MAMP Pro users utilize Let's Encrypt SSL certificates for their development and production environments because they are free. Let's Encrypt SSL's expire every 90 days or 3 months, therefore they must be renewed more often than other paid SSL's. However, you can easily automate Let's Encrypt SSL renewals which we will outline below.
Install HomeBrew for Let's Encrypt CertBot - Mac OS X
1. In order to create and install Let's Encrypt SSL certificates on Mac OS X with MAMP, we need to utilize CertBot. CertBot allows us to request and renew SSL certificates from Let's Encrypt. To get started, we need to install Homebrew which will allow us to install CertBot. Homebrew is a package manager for Mac OS X.
2. The HomeBrew website tells us to use the following command in Terminal to install. Visit the HomeBrew website to confirm you are using the latest command. Type the following command in Terminal:
3. Hit return to continue installing HomeBrew. You will need to enter your Mac OS X account password. The HomeBrew install will take about 5-10 minutes depending on your Internet speed and whether or not you have command line tools already installed.
Install CertBot - Mac OS X
1. In Terminal, type the following command to install CertBot.
Note: If you already installed CertBot from a previous install, you can check to upgrade CertBot. Use command 'brew upgrade certbot'.
Create a Let's Encrypt SSL Certificate Using CertBot
1. We are ready to create SSL certificates. First, identify your website host root directory in MAMP for the website domain you want to create the SSL certificate for. For example,. Next, replace your website directory path and domain name with the command below. This generates a www and non-www version SSL for your domain name.
2. If successful, CertBot will create your first SSL certificates as well as new folders for which future SSL certificates will be stored in.
Note: In order for CertBot to create you an SSL certificate, it must validate your domain name. CertBot will create a well-known hidden folder inside your website root host and pass a temporary challenge acme key. Therefore, you will need to enable MAMP Pro for external access to your website host. In addition, you will need to ensure CertBot can access your website root directory. Sometimes, .htaccess redirects can conflict with this and cause the process to fail.
Setup Correct Permissions for CertBot (Let's Encrypt) SSL Certificates - Mac OS X
1. CertBot created the following directory:. You can access it using the Go menu of Mac OS X and typing that path.
2. The letsencrypt directory contains your SSL certificate folders. We need to change permissions for the archive and live folders.
3. Right-click on the archive and live folders and open their permissions (Get info -> Sharing & Permissions). Add your Mac OS X user and grant read & write access to each folder. Click Apply to enclosed items...
Add Let's Encrypt SSL Certificate to MAMP Pro Host - Mac OS X
1. Now, we'll add our SSL certificates to our MAMP Pro website host. Select your website host in MAMP Pro -> SSL Tab -> Check SSL Box and select your MAMP Pro SSL certificates accordingly to add them to your host. We want to select the SSL Alias' files in the live folder so when we auto-renew our SSL's, we don't have to update the files again in MAMP Pro. Open each SSL certificate file in MAMP Pro accordingly.
SSL Live Folder Path:
Do not check Automatically resolve selected alias or symbolic link when clicking 'Choose'.
The MAMP Pro Certificate file is:
The MAMP Pro Key file is:
The MAMP Pro Certificate Chain file is:
2. Click Save. MAMP Pro will restart services.
Validate MAMP Pro Let's Encrypt SSL Certificates Installation
1. Let's ensure we correctly installed the SSL certificates in MAMP Pro for our website. Browse to your website using a browser such as Google Chrome to display the SSL certificate. You should see similar language below.
The connection to this site is using a valid, trusted server certificate issued by Let's Encrypt Authority X3.
You can also use an SSL checker service here.
*To get CertBot to automatically check for SSL certificate renewals for your websites each day, follow this post.
Install HomeBrew for Let's Encrypt CertBot - Mac OS X
1. In order to create and install Let's Encrypt SSL certificates on Mac OS X with MAMP, we need to utilize CertBot. CertBot allows us to request and renew SSL certificates from Let's Encrypt. To get started, we need to install Homebrew which will allow us to install CertBot. Homebrew is a package manager for Mac OS X.
2. The HomeBrew website tells us to use the following command in Terminal to install. Visit the HomeBrew website to confirm you are using the latest command. Type the following command in Terminal:
Code: Select all
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
3. Hit return to continue installing HomeBrew. You will need to enter your Mac OS X account password. The HomeBrew install will take about 5-10 minutes depending on your Internet speed and whether or not you have command line tools already installed.
Install CertBot - Mac OS X
1. In Terminal, type the following command to install CertBot.
Code: Select all
brew install certbot
Note: If you already installed CertBot from a previous install, you can check to upgrade CertBot. Use command 'brew upgrade certbot'.
Create a Let's Encrypt SSL Certificate Using CertBot
1. We are ready to create SSL certificates. First, identify your website host root directory in MAMP for the website domain you want to create the SSL certificate for. For example,
Code: Select all
/Users/Applications/MAMP/htdocs/mysite.com
Code: Select all
sudo certbot certonly --webroot -w /YOUR-USER/Applications/MAMP/htdocs/mysite.com -d mysite.com -d www.mysite.com
2. If successful, CertBot will create your first SSL certificates as well as new folders for which future SSL certificates will be stored in.
Note: In order for CertBot to create you an SSL certificate, it must validate your domain name. CertBot will create a well-known hidden folder inside your website root host and pass a temporary challenge acme key. Therefore, you will need to enable MAMP Pro for external access to your website host. In addition, you will need to ensure CertBot can access your website root directory. Sometimes, .htaccess redirects can conflict with this and cause the process to fail.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mysite.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mysite.com/privkey.pem
Your cert will expire on XXXX-XX-XX. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
Setup Correct Permissions for CertBot (Let's Encrypt) SSL Certificates - Mac OS X
1. CertBot created the following directory:
Code: Select all
/etc/letsencrypt/
2. The letsencrypt directory contains your SSL certificate folders. We need to change permissions for the archive and live folders.
3. Right-click on the archive and live folders and open their permissions (Get info -> Sharing & Permissions). Add your Mac OS X user and grant read & write access to each folder. Click Apply to enclosed items...
Add Let's Encrypt SSL Certificate to MAMP Pro Host - Mac OS X
1. Now, we'll add our SSL certificates to our MAMP Pro website host. Select your website host in MAMP Pro -> SSL Tab -> Check SSL Box and select your MAMP Pro SSL certificates accordingly to add them to your host. We want to select the SSL Alias' files in the live folder so when we auto-renew our SSL's, we don't have to update the files again in MAMP Pro. Open each SSL certificate file in MAMP Pro accordingly.
SSL Live Folder Path:
Code: Select all
\YOUR-USER\private\etc\letsencrypt\live
Do not check Automatically resolve selected alias or symbolic link when clicking 'Choose'.
The MAMP Pro Certificate file is:
Code: Select all
cert.pem
Code: Select all
privkey.pem
Code: Select all
chain.pem
2. Click Save. MAMP Pro will restart services.
Validate MAMP Pro Let's Encrypt SSL Certificates Installation
1. Let's ensure we correctly installed the SSL certificates in MAMP Pro for our website. Browse to your website using a browser such as Google Chrome to display the SSL certificate. You should see similar language below.
The connection to this site is using a valid, trusted server certificate issued by Let's Encrypt Authority X3.
You can also use an SSL checker service here.
*To get CertBot to automatically check for SSL certificate renewals for your websites each day, follow this post.