Let's Encrypt (certbot)
Install with brew:
brew install letsencrypt
In order to initiate a request for a certificate you have to make sure that your apache is running and your virtual host (qualified domain) is accessable and fully funtional. Once you have that start the process as root via terminal.
sudo -s
certbot --apache
You can fix permissions on certificate folders and the log folder to be able to see them both.
Fix permissions on etc/letsencrypt folder immediately after each renewal.
sudo -s
find /etc/letsencrypt/ -type d -exec chmod 755 {} \;
find /etc/letsencrypt/ -type f -exec chmod 644 {} \;
find /private/var/log/letsencrypt/ -type d -exec chmod 755 {} \;
find /private/var/log/letsencrypt/ -type f -exec chmod 644 {} \;
Exim and dovecot requires the certificates to be in /private/etc/certificates so a symlink is the easiest way to let them know where they are:
sudo -s
ln -s /etc/letsencrypt/live/example.com/fullchain.pem /private/etc/certificates/example.com.crt
ln -s /etc/letsencrypt/live/example.com/privkey.pem /private/etc/certificates/example.com.key
contrab on OS X
Let’s set certbot to run every night at 2:47AM and renew the certificate automatically.
$ sudo crontab -e
You will need to press i to edit the page, then paste in this line:
47 2 * * * /usr/local/bin/certbot renew --quiet
Then press Esc, then type:
:wq
And hit enter to save.