FMS Linux & LetsEncrypt-Certificate?

[pixi]

Has anyone played with latest FMS Linux and LetsEncrypt-Certificates? 
(How) does it work?

[jon91]

1. install `certbot` you will need to run the following:
   sudo yum install epel-release
   sudo yum install certbot
2. https://github.com/jon91/FileMaker-LetsEncrypt-CentOS-7

[jasonwood]

@jon91 once you've run this script once, certbot is always going to update the cert in /etc/letsencrypt/live/${DOMAIN}/ 30 days prior to expiry, right? So you don't actually have to repeat the certbot command.

I'm assuming when you execute this script, it gives users a 60 second warning and then boots them out forcefully, which could result in lost data, and presumably if I happen to be running a long script that's editing data, it will terminate abruptly at the end of the 60 second countdown?

I'm trying to think of a better way... like a daily script that only proceeds if no users are connected, checks if the current certificate file is at least 60 days old, and proceeds to replace it and restart the service. Perhaps if the certificate is over 75 days, then you would consider a more forceful process, and only after sending multiple warnings to users. This is similar to how FileMaker Cloud's daily restart works - it is normally skipped when users are connected, but proceeds anyway if there are "critical updates".

[Agnes Riley]

Can someone tell me which file goes where? I can't install the cert I created.