[General] #### Install FileMaker Server #### Installing FileMaker Server Needs to install unzip Needs to install centos-release-scl Installing FileMaker Server $ sudo yum install unzip $ sudo yum install centos-release-scl $ cd src - put the latest copy of the FileMaker Server installer here - $ unzip fms_19.2.1.23.zip -d fms19 $ cd fms19 $ sudo yum install filemaker_server-19.2.1-23.x86_64.rpm -y (reboot, if needed) [Demo 1] #### Install Certbot #### Installing Certbot Needs to install a tool called snap Installing snap Needs to install EPEL repository Installing EPEL repository $ sudo yum install epel-release Installing snap $ sudo yum install snapd $ sudo systemctl enable --now snapd.socket $ sudo ln -s /var/lib/snapd/snap /snap $ sudo snap install core; sudo snap refresh core Installing Certbot $ sudo snap install --classic certbot $ sudo ln -s /snap/bin/certbot /usr/local/bin/ Installing certbot plugin for gandi.net Needs to install git Needs to install Python3 Needs to install pip3 Installing git $ sudo yum install git Installing Python3 and pip3 $ sudo yum install python3 Updating pip $ sudo pip3 install --upgrade pip Installing certbot plugin for gandi.net $ cd ~/src $ git clone https://github.com/obynio/certbot-plugin-gandi $ cd certbot-plugin-gandi $ sudo pip3 install certbot_plugin_gandi #### Setup Certbot #### Get the API key of gandi.net -- getting -- Create gandi.ini file $ sudo mkdir /etc/letsencrypt $ sudo mkdir /etc/letsencrypt/gandi $ sudo vi /etc/letsencrypt/gandi/gandi.ini # live dns v5 api key dns_gandi_api_key= $ sudo chmod 600 /etc/letsencrypt/gandi/gandi.ini #### Get the certificate (via gandi DNS) #### Get the certificate (via gandi DNS) $ sudo certbot certonly --authenticator dns-gandi --dns-gandi-credentials /etc/letsencrypt/gandi/gandi.ini -d fms.example.com Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): # When the first time you run the Certbot, you need to define your email address # Only the first time, after that you don't need this Check the certificate $ sudo ls -lh /etc/letsencrypt/live/fms.example.com/ $ sudo openssl x509 -noout -text -in /etc/letsencrypt/live/fms.example.com/cert.pem | less [Demo 2] #### Install dehydrated #### Installing dehydrated Needs to install EPEL repository Installing EPEL repository $ sudo yum install epel-release Installing dehydrated $ sudo yum install dehydrated Installing Route 53 hook script Needs to install Python3 Needs to install pip3 Needs to install git Installing Python3 $ sudo yum install python3 Installing pip $ sudo yum install python-pip --enablerepo=epel $ sudo pip3 install --upgrade pip $ sudo pip install boto Installing git $ sudo yum install git Installing Route 53 hook script $ cd ~/src $ git clone https://gist.github.com/rmarchei/98489c05f0898abe612eec916508f2bf hook $ sudo cp -r hook /etc/dehydrated/ $ sudo chmod 700 /etc/dehydrated/hook/route53.py #### Setup dehydrated #### Get the API key of AWS $ sudo /usr/local/bin/pip3 install awscli Get the API key of AWS Route 53 -- getting -- Setting up the API key of AWS $ sudo aws configure AWS Access Key ID [None]: AWS Secret Access Key [None]: Default region name [None]: ap-northeast-1 Default output format [None]: json Register Lets Encrypt before first try $ sudo dehydrated --register --accept-terms $ sudo vi /etc/dehydrated/config CONTACT_EMAIL= #### Get the certificate (via Route 53) #### Get the certificate (via Route 53) $ sudo dehydrated -c -d fms.example.com -t dns-01 --hook /etc/dehydrated/hook/route53.py Check the certificate $ sudo ls -lh /etc/dehydrated/certs/fms.example.com/ $ sudo openssl x509 -noout -text -in /etc/dehydrated/certs/fms.example.com/cert.pem | less