Author
|
zPlus <zplus@peers.community>
2024-06-18 20:21:01
|
Committer
|
zPlus <zplus@peers.community>
2024-06-18 20:21:01
|
Commit
|
fe4c57a
(patch)
|
Tree
|
b4ec3d1
|
Parent(s)
|
|
Update lighttpd instructions for configuring SSL certificate.
commits diff:
3b7a605..fe4c57a
1 file changed,
4 insertions,
9 deletions
Diffstat
+4/-9
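--- a/documentation/administrators
+++ b/documentation/administrators
@@ -96,9 +96,6 @@
 certbot certonly --webroot -w /var/www/html -d example.org
 
 The cert is created in /etc/letsencrypt/live/example.org/
-Lighttpd requires the certificate and private key to be in a single file:
-
-cat privkey.pem cert.pem > privkey+cert.pem
 
 Add to lighttpd configuration:
 
@@ -121,8 +118,8 @@
 $HTTP["host"] == "example.org" {
 $SERVER["socket"] == ":443" {
 ssl.engine = "enable"
-ssl.pemfile = "/etc/letsencrypt/live/example.org/privkey+cert.pem"
-ssl.ca-file = "/etc/letsencrypt/live/example.org/chain.pem"
+ssl.pemfile = "/etc/letsencrypt/live/example.org/fullchain.pem"
+ssl.privkey = "/etc/letsencrypt/live/example.org/privkey.pem"
 
 proxy.server = (
 "" => (
@@ -136,17 +133,15 @@
 }
 
 Let's Encrypt certificates expire every 90 days, so a cron job needs to be set up
-that will generate a new privkey+cert.pem file and reload lighttpd.
+to run certbot and reload lighttpd.
 
-$ vim /etc/cron.weekly/clif-letsencrypt
+$ vim /etc/cron.weekly/letsencrypt-renew
 $ chmod +x /etc/cron.weekly/clif-letsencrypt
 
 Content of /etc/cron.weekly/clif-letsencrypt:
 
 #!/bin/sh
 certbot renew --webroot -w /var/www/html
 systemctl restart lighttpd
 
 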
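Review bot: The cron file is renamed only on the `vim` line of the last hunk; the unchanged `chmod +x /etc/cron.weekly/clif-letsencrypt` and `Content of /etc/cron.weekly/clif-letsencrypt:` lines still use the old name. An administrator following the steps would leave `letsencrypt-renew` non-executable, so the weekly job would presumably be skipped and the certificate would expire without warning. Both lines should read `/etc/cron.weekly/letsencrypt-renew`. The documented script also restarts lighttpd on every run, whether or not certbot renewed anything or succeeded; `certbot renew --webroot -w /var/www/html --deploy-hook "systemctl reload lighttpd"` would touch the server only after a successful renewal. Since `ssl.privkey` is, as far as I know, only accepted from lighttpd 1.4.53 onward, the config section should state that minimum version.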