[Updated 11/17 to reflect deprecation of Let’s Encrypt Mac OSX client.]
While it’s preferrable to install Electronic Frontier Foundation‘s certbot* on your hosting environment (so certificate renewal can be automated via cron), you’ll need root access to do so, in order to install dependencies.
For those situations where that’s not possible, (such as a site hosted on a shared environment), you can install certbot and generate the certificates locally.
Pre-Install Checklist
Make sure you have all of the following installed and updated:
- Homebrew — Run the following on the command-line to install Homebrew:
/usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
If you already have brew installed, run
brew update
andbrew upgrade
, then runbrew doctor
and address any issues that come up. - Git —
brew install git
- Xcode – Install it via the App Store, then run
xcode-select --install
to install the command-line tools. - Pip –
sudo easy_install pip
Install certbot
Thanks to Homebrew, installing certbot is one, simple command:
brew install certbot
Assuming no issues, you’re now ready to generate SSL certificates locally.
*What happened to Let’s Encrypt’s Mac OSX client?
letsencrypt-auto
and certbot-auto
support for OSX (among others) was never more than “experimental”, hence having to add the --debug
flag when installing it. Running either of these commands will now return this error message:
WARNING: certbot-auto support for this macOS is DEPRECATED!
Please visit certbot.eff.org to learn how to download a version of
Certbot that is packaged for your system. While an existing version
of certbot-auto may work currently, we have stopped supporting updating
system packages for your system. Please switch to a packaged version
as soon as possible.
They’re being phased out in favor of certbot, which has proper OS package support.