Jump to content

How to Use Let's Encrypt to get free SSL certificates for FileMaker Server

This topic is 2368 days old. Please don't post here. Open a new topic instead.

Recommended Posts

Hello Everyone,


I've written a PowerShell script to allow you to get a free SSL certificate from Let's Encrypt to use with FileMaker Server. You can schedule this to run every few months and renew your certificate automatically. Now there's no reason to keep using that default certificate. Check out the post for instructions!


How to Use Let’s Encrypt SSL Certificates with FileMaker Server | Blue Feather - FileMaker Developer, Android, Web 

EDIT: One compatibility note for everyone - While it looks like it's all compatible with FileMaker Pro 13-15, only FileMaker Go 15 is compatible. FileMaker Go 14 is unable to connect with these certificates installed. I'd recommend using FM Go 15 anyway, but it's something to be aware of if you're still using FM Go 14.

Edited by Smef
Added note about FM Go 14 compatibility.
  • Like 2
Link to comment
Share on other sites

The warning FMI gives about using non-supported SSL certificates is that FileMaker Pro and Go clients won't be able to verify the SSL certificate. I believe we've solved this issue with this solution, and FileMaker clients as early as 13 are able to successfully verify the SSL certificate. There could be other issues lurking somewhere, but we've got this deployed in a number of live servers with no issues so far. It's definitely a good idea to do some testing after deploying this, all the same.

If anyone does encounter any issues, please post them here, on the article's comment section, or send a private message or email to me.

Edited by Smef
Link to comment
Share on other sites

It's definitely doable in a similar fashion, I just haven't gotten to doing it yet. I may have a Mac server available soon I can do testing on, and will definitely post when I get a script available for Mac.

Link to comment
Share on other sites

Great job @Smef! I've been wanting to use Let's Encrypt, but didn't think it was compatible with FileMaker.

When I schedule tasks on a FileMaker Server, I prefer to schedule them from within FileMaker Server itself. Since FMS can't run powershell scripts directly, I send this bash script the name of a powershell script to run and any parameters to send to the powershell script, if needed:

:: file name: run_powershell_script.cmd
:: Created by: Daniel Smith http://scr.im/fmconsulting

:: change current directory to script location
@PUSHD %~dp0

:: this is the old method that I disabled because of a bug in powershell.exe
:: powershell.exe -file %*

:: calling powershell.exe with -file option causes exceptions to NOT return an error code to this script
:: I implemented a work-around linked to from here: http://stackoverflow.com/a/15779295
:: I am replacing " with ' because, when using the -command option, " does not group data into a single value
:: FMS reads an errorlevel of 1 as "aborted by user" and only set's the log level to information,
:: I am trapping for uncaught errors and returning 100 so the log level is set as error in FMS
:: Since the actual error returned by the powershell script is lost, I'm sending it to a file.

SET params=%*
SET params=%params:"='%
PowerShell.exe -ExecutionPolicy unrestricted -command "& {trap{Out-File -FilePath "..\Documents\run_powershell_script_errors.log" -Append -InputObject $_ ; exit 100} .\%params%}"




Link to comment
Share on other sites

Probably not; I hadn't thought of that. I usually don't run scheduled scripts as Administrator, so that hasn't come up.

In that case, I would use a script to create the scheduled task. Here's an example: (the options would need to be changed to get it to run as Administrator)

# https://technet.microsoft.com/en-us/library/jj649816(v=wps.630).aspx

$Action = New-ScheduledTaskAction `
	-Execute powershell.exe `
	-Argument "-ExecutionPolicy Bypass -File C:\GetSSL.ps1"

$Trigger = New-ScheduledTaskTrigger `
	-DaysInterval 85 `
	-At 1:00am

$Settings = New-ScheduledTaskSettingsSet `
	-AllowStartIfOnBatteries `
	-DontStopIfGoingOnBatteries `
	-ExecutionTimeLimit 00:05 `

$Principal = New-ScheduledTaskPrincipal `
	-UserId $([System.Security.Principal.WindowsIdentity]::GetCurrent().Name) `
	-LogonType S4U

$Task = New-ScheduledTask -Action $Action -Trigger $Trigger -Settings $Settings -Principal $Principal `
	-Description "TODO:explain what the task is for"

Register-ScheduledTask -TaskName "TODO:task-name" -TaskPath "TODO:optional-folder-name" -InputObject $Task -Force


Link to comment
Share on other sites

  • 2 months later...
  • 2 weeks later...
  • 3 months later...
  • 3 weeks later...
  • 1 month later...

Will this be the full procedure for FM16S on a Mac?




brew install certbot


Perpetually; the first of every month or so

sudo certbot certonly -w "/Library/FileMaker Server/HTTPServer/htdocs" -d sub.domain.tld
ln -s /etc/letsencrypt/live/sub.domain.tld/privkey.pem /Library/FileMaker\ Server/CStore/privkey.pem
sudo fmsadmin certificate import /etc/letsencrypt/live/sub.domain.tld/fullkey.pem --keyfile /Library/FileMaker\ Server/CStore/privkey.pem
sudo launchctl stop com.filemaker.fms
sudo launchctl start com.filemaker.fms


Here are some examples on how to use certbot for other purposes: https://certbot.eff.org/docs/using.html

Link to comment
Share on other sites

  • 3 months later...

Thanks for this article, OP. It worked great for me.

On 2/8/2017 at 3:55 PM, Dean Suhr said:

Ping ... Has anyone implemented Let's encrypt on a Mac running FileMaker Server?

Yes, I did this on Mac. Just tweaked some of the filenames and directories to my liking. You'll need to follow the Mac tutorial though.



Link to comment
Share on other sites

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.