MAMP Pro is a popular tool to host a website on macOS, but it’s lacking in the SSL certificate department. There isn’t a way to create a CSR, and SSL support seems to be an afterthought in MAMP even though it is fully supported in the underlying web servers (Apache and Nginx). With the increasing popularity and ease of use of free Let’s Encrypt certificates, we set out to create a guide that would accomplish two things:
- Provide a way to install an SSL certificate in MAMP Pro
- Set it and forget it – once it’s set up, we don’t want to have to manually renew the SSL certificate.
This guide assumes a few things have already been set up:
- The latest version of macOS 10.13 is installed
- The latest version of MAMP Pro 5.x is installed and your website host is configured and is running on ports 80 and 443.
- Xcode is installed (available for free in the App Store)
First we’re going to install a package manager for macOS called Homebrew. If Homebrew is already installed then skip the next step (check by running “brew -v” in Terminal).
In Terminal, enter the following command and hit Enter:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
The installer will grab some files and install Homebrew – it may take a little while if it has to install Command Line Tools for Xcode. Now that Homebrew is installed, we can check to see if there are any suggestions:
brew doctor
If all is well, it should say Your system is ready to brew.
Moving on, we’re going to install certbot, which will handle the process of issuing and renewing our Let’s Encrypt SSL certificate:
brew install certbot
After this process is done, we’re ready to issue our certificate. For the following step, we need to know where our website is stored on the system. This can be found in MAMP Pro in the Hosts tab by selecting your host. Identify the location under Document root. In our example, our website is located in /Users/administrator/Documents/demowebsite/. Make sure to replace the document root with your own, and use your own domain name. The certificate will be generated with and without the “www.”
To issue the certificate:
sudo certbot certonly --webroot -w /Users/administrator/Documents/demowebsite/ -d demo.macminivault.com -d www.demo.macminivault.com
certbot may ask for an email address and you will need to agree to the Let’s Encrypt Terms of Service. Once certbot verifies everything, we should be presented with:
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/demo.macminivault.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/demo.macminivault.com/privkey.pem Your cert will expire on XXXX-XX-XX. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew"
Now we need to grant ourselves access to the certificate files so that MAMP can access them. In Finder, click Go -> Go to Folder… and type in /etc/letsencrypt and click Go.
This will open up the letsencrypt folder where our certificates are located:
We are going to change the permissions of the archive and live folders – follow these instructions for each of the folders:
- Right click on the archive folder and choose Get Info
- Click the arrow next to Sharing & Permissions
- Click the lock icon and enter your password
- Click + and add your user and grant it Read & Write permissions
- Click the gear icon and choose Apply to enclosed items…
- Click the lock icon and close the info page
- Repeat steps 1 through 6 for the live folder
Right click on the live folder and choose Make Alias and drag the live folder alias to your desktop.
In MAMP Pro, Navigate to the Hosts tab and select your website. Click on the SSL tab.
Click the checkbox next to SSL, and navigate to our SSL certificate, key, and chain (under Advanced options) and then click Save:
It will restart the web server and if all went well, your website should be available via https:
Let’s set certbot to run every night at 2:47AM and renew the certificate automatically. We’re going to do this by setting up a crontab. This is a deprecated way of scheduling tasks in macOS, but is the most reliable method for this task:
sudo crontab -e
You will need to press i to edit the page, then paste in this line:
47 2 * * * /usr/local/bin/certbot renew --quiet
Then press Esc, then type:
:wq
And hit enter to save.
We’re all done! The certbot logs will be available in /var/log/letsencrypt/letsencrypt.log in the event there are any issues.
Did we miss something? Questions? Email us at sales@macminivault.com.