Managing automatic certificate installation and renewal with Let's Encrypt

Let's Encrypt is an automated certificate authority that provides free secure socket layer (SSL) certificates for transport layer security (TLS) encryption. To use Let's Encrypt, the domain name must be publicly accessible through port 80 during HTTP validation. Wildcards are not supported.

To create a Let's Encrypt certificate using Admin Console:

1. Click the Configuration > SSL Certificate tab.

2. Click Request Let's Encrypt Certificate.

3. For requesting a Let's Encrypt Certificate, enter the following information:

   • Domain Name: The fully qualified domain name for your server.

   • Automatically Renew Certificate: Enable this option to automatically create a new certificate when the certificate expires. You can enter an email address for automatic renewal notifications if you have configured SMTP in the Notifications tab.

4. Click Request to create the serverCustom.pem and serverKey.pem files in the CStore folder.

5. Click Test Validation to verify whether FileMaker Server is publicly accessible using the provided fully qualified domain name. The test determines whether a Let's Encrypt request would work.

Notes  

• In UFW on Linux, port 80 is opened and closed automatically during Let's Encrypt requests.

• The Automatically Renew Certificate option will create a schedule that runs the Sys_Default_RenewLetsEncryptCertificate system script.