├── .gitignore
├── README.md
├── com.bluefeathergroup.fm-ssl.plist
├── LICENSE
└── GetSSL.sh


/.gitignore:
--------------------------------------------------------------------------------
1 | testing/


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # FileMaker-LetsEncrypt-Mac
 2 | A bash script for fetching and renewing Let's Encrypt SSL certificates for FileMaker Server running on Mac.
 3 | 
 4 | Setup instructions and an example video can be found at https://bluefeathergroup.com/blog/lets-encrypt-ssl-certificates-for-filemaker-server-for-mac/
 5 | 
 6 | ## How to use:
 7 | The script utilizes certbot to get SSL certificates from Let's Encrypt. Install certbot via homebrew:
 8 | ```
 9 | brew install certbot
10 | ```
11 | 
12 | Change directory into the cloned repository and run:
13 | ```
14 | sudo ./GetSSL.sh
15 | ```
16 | *Script requires root privileges for certain functions. Always review the code before running any script as root.*
17 | 
18 | For help on options, run:
19 | ```
20 | ./GetSSL.sh --help
21 | ```


--------------------------------------------------------------------------------
/com.bluefeathergroup.fm-ssl.plist:
--------------------------------------------------------------------------------
 1 | <?xml version="1.0" encoding="UTF-8"?>
 2 | <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 3 | <plist version="1.0">
 4 | <dict>
 5 | 	<key>EnvironmentVariables</key>
 6 | 	<dict>
 7 | 		<key>PATH</key>
 8 | 		<string>/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/sbin</string>
 9 | 	</dict>
10 | 	<key>Label</key>
11 | 	<string>com.bluefeather.fms-ssl</string>
12 | 	<key>ProgramArguments</key>
13 | 	<array>
14 | 		<string>/bin/sh</string>
15 | 		<string>/usr/local/bin/GetSSL.sh</string>
16 | 	</array>
17 | 	<key>RunAtLoad</key>
18 | 	<false/>
19 | 	<key>StartCalendarInterval</key>
20 | 	<array>
21 | 		<dict>
22 | 			<key>Hour</key>
23 | 			<integer>18</integer>
24 | 			<key>Minute</key>
25 | 			<integer>21</integer>
26 | 			<key>Weekday</key>
27 | 			<integer>6</integer>
28 | 		</dict>
29 | 	</array>
30 | 
31 | </dict>
32 | </plist>
33 | 


--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
 1 | MIT License
 2 | 
 3 | Copyright (c) 2018 Smef
 4 | 
 5 | Permission is hereby granted, free of charge, to any person obtaining a copy
 6 | of this software and associated documentation files (the "Software"), to deal
 7 | in the Software without restriction, including without limitation the rights
 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 9 | copies of the Software, and to permit persons to whom the Software is
10 | furnished to do so, subject to the following conditions:
11 | 
12 | The above copyright notice and this permission notice shall be included in all
13 | copies or substantial portions of the Software.
14 | 
15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
21 | SOFTWARE.
22 | 


--------------------------------------------------------------------------------
/GetSSL.sh:
--------------------------------------------------------------------------------
  1 | #!/bin/sh
  2 | 
  3 | # Created by: David Nahodyl, Blue Feather
  4 | # Contact: contact@bluefeathergroup.com
  5 | 
  6 | # Need help? We can set this up to run on your server for you! Send an email to 
  7 | # contact@bluefeathergroup.com or give a call at (770) 765-6258
  8 | 
  9 | function usage() {
 10 |     cat <<USAGE
 11 | 
 12 |     WARNING! THIS SCRIPT WILL RESTART FILEMAKER SERVER!
 13 | 
 14 |     Creates an SSL Certificate from the Let's Encrypt Certificate Authority (CA) to
 15 |     encypt data in motion for FileMaker. Certbot requires that port 80 be forwarded
 16 |     to your server.
 17 |     
 18 |     Must be run as root.
 19 | 
 20 |     Options:
 21 |         -d | --domain               Set the domain.
 22 |         -e | --email                Set the contact email.
 23 |         -s | --server-path          Set the path to the FileMaker Server directory.
 24 | 
 25 |         --no-confirm                Skip confirmation. Suggested for use in scripts.
 26 | 
 27 | 	    -h, --help, --usage:    	Print this help message.
 28 | 
 29 |     Domain:
 30 |     --domain
 31 |         Change the domain variable to the domain/subdomain for which you would like
 32 |         an SSL Certificate
 33 |         "fms.mycompany.com"
 34 | 
 35 |     Email:
 36 |     --email
 37 |         Change the contact email address to your real email address so that Let's Encrypt
 38 |         can contact you if there are any problems
 39 |         "myemail@mycompoany.com"
 40 | 
 41 |     Server Path:
 42 |     --server-path
 43 |         Enter the path to your FileMaker Server directory, ending in a slash 
 44 |         "/Library/FileMaker Server/" 
 45 | 
 46 | 
 47 | USAGE
 48 |     exit 1
 49 | }
 50 | 
 51 | # Set flags
 52 | echo
 53 | while [ "$1" != "" ]; do
 54 | 	case $1 in
 55 | 	-d | --domain)
 56 | 		shift
 57 | 		DOMAIN=$1
 58 | 		# echo "Using domain: $DOMAIN"
 59 | 		;;
 60 | 
 61 | 	-e | --email)
 62 | 		shift
 63 | 		EMAIL=$1
 64 | 		# echo "Email: $EMAIL"
 65 | 		;;
 66 | 
 67 | 	-s | --server-path)
 68 | 		shift
 69 | 		SERVER_PATH=$1
 70 | 		# echo "Server path: $SERVER_PATH"
 71 | 		;;
 72 | 
 73 |     --no-confirm)
 74 |         NOCONFIRM=true
 75 |         ;;
 76 | 
 77 | 	-h | --help | --usage)
 78 | 		usage
 79 | 		exit 1
 80 | 		;;
 81 | 
 82 |     	*)
 83 | 		printf "\033[1;31mError: Invalid option!\033[0m\n"
 84 | 		echo "Use --help for usage"
 85 | 		exit 1
 86 | 		;;
 87 | 	esac
 88 | 	shift
 89 | done
 90 | 
 91 | # Checks to see if script is running as root.
 92 | if [ "$EUID" -ne 0 ]
 93 |   then echo "Please run as root"
 94 |   exit
 95 | fi
 96 | 
 97 | # Check to see if certbot is installed.
 98 | if ! type certbot > /dev/null; 
 99 | then
100 |     printf "\033[1;31mError: Certbot could not be found\033[0m\n"
101 |     echo "Install Certbot https://certbot.eff.org"
102 |     exit 1
103 | fi
104 | 
105 | # Check for arguements.
106 | if [ "$DOMAIN" = "" ]; then
107 | 	read -p "Set your domain: " DOMAIN
108 |         if [[ $DOMAIN == "" ]];
109 |             then printf "\033[1;31mError: Domain not specified. Must enter domain.\033[0m\n" && exit 1
110 |         fi
111 | 	echo
112 | fi
113 | 
114 | if [ "$EMAIL" = "" ]; then
115 | 	read -p "Set your Email: " EMAIL
116 |         if [[ $EMAIL == "" ]];
117 |             then printf "\033[1;31mError: Email not specified. Must enter email.\033[0m\n" && exit 1
118 |         fi
119 | 	echo
120 | fi
121 | 
122 | if [ "$SERVER_PATH" = "" ]; then
123 | 	read -p "Set your Server Path. Press 'enter' for default. ('/Library/FileMaker Server/'): " SERVER_PATH
124 |     SERVER_PATH=${SERVER_PATH:-"/Library/FileMaker Server/"}
125 |         if [[ $SERVER_PATH == "" ]];
126 |             then printf "\033[1;31mError: Server Path not specified. Must enter Server Path.\033[0m\n" && exit 1
127 |         fi
128 | 	echo
129 | fi
130 | 
131 | # Confirm arguements
132 | if  [[ $NOCONFIRM == "" ]]; 
133 | then
134 |     while true; do
135 |         echo "Domain:       $DOMAIN"
136 |         echo "Email:        $EMAIL"
137 |         echo "Server Path:  $SERVER_PATH"
138 |         echo
139 |         read -p "Is the above information correct? Y/n: " YN
140 |         case $YN in
141 |             [Yy]* )
142 |                 echo "Continueing..."
143 |                 break;;
144 | 
145 |             [Nn]* )
146 |                 echo "Stopping script..."
147 |                 exit 1
148 |                 break;;
149 |             * )
150 |                 echo "Please answer yes or no.";;
151 |         esac
152 |     done
153 | else
154 |     echo "Skipping Confirmation..."
155 | fi
156 | 
157 | # testing e-brake
158 | # exit
159 | 
160 | WEB_ROOT="${SERVER_PATH}HTTPServer/htdocs"
161 | 
162 | 
163 | # Get the certificate
164 | certbot certonly --webroot -w "$WEB_ROOT" -d $DOMAIN --agree-tos -m "$EMAIL" --preferred-challenges "http" -n
165 | 
166 | cp "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" "${SERVER_PATH}CStore/fullchain.pem"
167 | cp "/etc/letsencrypt/live/${DOMAIN}/privkey.pem" "${SERVER_PATH}CStore/privkey.pem"
168 | 
169 | chmod 640 "${SERVER_PATH}CStore/privkey.pem"
170 | 
171 | # Move an old certificate, if there is one, to prevent an error
172 | FILE=${SERVER_PATH}CStore/serverKey.pem
173 | if test -f "$FILE"; then
174 |     echo "$FILE exists. Moving to serverKey-old.pem to prevent an error."
175 |     mv "${SERVER_PATH}CStore/serverKey.pem" "${SERVER_PATH}CStore/serverKey-old.pem"
176 | fi
177 | 
178 | 
179 | # Remove the old certificate
180 | fmsadmin certificate delete
181 | 
182 | # Install the certificate
183 | fmsadmin certificate import "${SERVER_PATH}CStore/fullchain.pem" --keyfile "${SERVER_PATH}CStore/privkey.pem" -y
184 | 
185 | # Stop FileMaker Server
186 | launchctl stop com.filemaker.fms
187 | 
188 | # Wait 15 seconds for it to stop
189 | sleep 15s
190 | 
191 | # Start FileMaker Server again
192 | launchctl start com.filemaker.fms
193 | 
194 | echo
195 | echo "FileMaker Server should now be set to use TLS/SSL"
196 | echo


--------------------------------------------------------------------------------