MAMP Pro: Let's Encrypt SSL Certificates (Create / Install / Usage) - Mac OS X

Discussion for guides including MAMP official & unofficial documentation. User submitted guides can be moved here by moderators.
Post Reply
mampsupportmod
Site Admin
Posts: 156
Joined: Wed Jan 20, 2021 3:06 am

MAMP Pro: Let's Encrypt SSL Certificates (Create / Install / Usage) - Mac OS X

Post by mampsupportmod »

Let's Encrypt is a free, automated, and open Certificate Authority (CA) brought to you by the non-profit Internet Security Research Group (ISRG). Several MAMP / MAMP Pro users utilize Let's Encrypt SSL certificates for their development and production environments because they are free. Let's Encrypt SSL's expire every 90 days or 3 months, therefore they must be renewed more often than other paid SSL's. However, you can easily automate Let's Encrypt SSL renewals which we will outline below.


Install HomeBrew for Let's Encrypt CertBot - Mac OS X


1. In order to create and install Let's Encrypt SSL certificates on Mac OS X with MAMP, we need to utilize CertBot. CertBot allows us to request and renew SSL certificates from Let's Encrypt. To get started, we need to install Homebrew which will allow us to install CertBot. Homebrew is a package manager for Mac OS X.



2. The HomeBrew website tells us to use the following command in Terminal to install. Visit the HomeBrew website to confirm you are using the latest command. Type the following command in Terminal:


Code: Select all

/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

Mac Os X Install Homebrew
Mac Os X Install Homebrew (29.13 KiB) Viewed 11766 times

3. Hit return to continue installing HomeBrew. You will need to enter your Mac OS X account password. The HomeBrew install will take about 5-10 minutes depending on your Internet speed and whether or not you have command line tools already installed.



Install CertBot - Mac OS X


1. In Terminal, type the following command to install CertBot.


Code: Select all

brew install certbot


Note: If you already installed CertBot from a previous install, you can check to upgrade CertBot. Use command 'brew upgrade certbot'.



Create a Let's Encrypt SSL Certificate Using CertBot

1. We are ready to create SSL certificates. First, identify your website host root directory in MAMP for the website domain you want to create the SSL certificate for. For example,

Code: Select all

/Users/Applications/MAMP/htdocs/mysite.com
. Next, replace your website directory path and domain name with the command below. This generates a www and non-www version SSL for your domain name.


Code: Select all

sudo certbot certonly --webroot -w /YOUR-USER/Applications/MAMP/htdocs/mysite.com -d mysite.com -d www.mysite.com


2. If successful, CertBot will create your first SSL certificates as well as new folders for which future SSL certificates will be stored in.

Note: In order for CertBot to create you an SSL certificate, it must validate your domain name. CertBot will create a well-known hidden folder inside your website root host and pass a temporary challenge acme key. Therefore, you will need to enable MAMP Pro for external access to your website host. In addition, you will need to ensure CertBot can access your website root directory. Sometimes, .htaccess redirects can conflict with this and cause the process to fail.
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/mysite.com/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/mysite.com/privkey.pem
Your cert will expire on XXXX-XX-XX. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"


Setup Correct Permissions for CertBot (Let's Encrypt) SSL Certificates - Mac OS X

1. CertBot created the following directory:

Code: Select all

/etc/letsencrypt/
. You can access it using the Go menu of Mac OS X and typing that path.


2. The letsencrypt directory contains your SSL certificate folders. We need to change permissions for the archive and live folders.

Ssl Lets Encrypt Folders Mac Os X Archive Live
Ssl Lets Encrypt Folders Mac Os X Archive Live (22.39 KiB) Viewed 11766 times


3. Right-click on the archive and live folders and open their permissions (Get info -> Sharing & Permissions). Add your Mac OS X user and grant read & write access to each folder. Click Apply to enclosed items...

Letsencrypt Read Write Permissions Folder
Letsencrypt Read Write Permissions Folder (34.09 KiB) Viewed 11766 times




Add Let's Encrypt SSL Certificate to MAMP Pro Host - Mac OS X


1. Now, we'll add our SSL certificates to our MAMP Pro website host. Select your website host in MAMP Pro -> SSL Tab -> Check SSL Box and select your MAMP Pro SSL certificates accordingly to add them to your host. We want to select the SSL Alias' files in the live folder so when we auto-renew our SSL's, we don't have to update the files again in MAMP Pro. Open each SSL certificate file in MAMP Pro accordingly.


SSL Live Folder Path: ‎⁨

Code: Select all

\YOUR-USER\private⁩\etc⁩\⁨letsencrypt⁩\⁨live⁩


Do not check Automatically resolve selected alias or symbolic link when clicking 'Choose'.
Mamp Pro Auto Resolve Alias Symbolic Link
Mamp Pro Auto Resolve Alias Symbolic Link (20.01 KiB) Viewed 11766 times

The MAMP Pro Certificate file is:

Code: Select all

 cert.pem
The MAMP Pro Key file is:

Code: Select all

privkey.pem
The MAMP Pro Certificate Chain file is:

Code: Select all

chain.pem
Mamp Pro Set Apache Ssl Certificate
Mamp Pro Set Apache Ssl Certificate (69.93 KiB) Viewed 11766 times


2. Click Save. MAMP Pro will restart services.




Validate MAMP Pro Let's Encrypt SSL Certificates Installation


1. Let's ensure we correctly installed the SSL certificates in MAMP Pro for our website. Browse to your website using a browser such as Google Chrome to display the SSL certificate. You should see similar language below.



The connection to this site is using a valid, trusted server certificate issued by Let's Encrypt Authority X3.

Mamp Pro Ssl Certificate Valid
Mamp Pro Ssl Certificate Valid (59.71 KiB) Viewed 11766 times

You can also use an SSL checker service here.

*To get CertBot to automatically check for SSL certificate renewals for your websites each day, follow this post.
MAMP Support Forums is an unofficial support forum covering MAMP & MAMP Pro solution stacks.
Post Reply