home » zplus/clif.git
Author zPlus <zplus@peers.community> 2024-06-18 20:21:01
Committer zPlus <zplus@peers.community> 2024-06-18 20:21:01
Commit fe4c57a (patch)
Tree b4ec3d1
Parent(s)

Update lighttpd instructions for configuring SSL certificate.


commits diff: 3b7a605..fe4c57a
1 file changed, 4 insertions, 9 deletionsdownload


Diffstat
-rw-r--r-- documentation/administrators 13

Diff options
View
Side
Whitespace
Context lines
Inter-hunk lines
+4/-9 M   documentation/administrators
index 7f53a04..878f41d
old size: 6K - new size: 6K
@@ -96,9 +96,6 @@ with also a TLS certificate.
96 96 certbot certonly --webroot -w /var/www/html -d example.org
97 97
98 98 The cert is created in /etc/letsencrypt/live/example.org/
99 - Lighttpd requires the certificate and private key to be in a single file:
100 -
101 - cat privkey.pem cert.pem > privkey+cert.pem
102 99
103 100 Add to lighttpd configuration:
104 101
@@ -121,8 +118,8 @@ Add to lighttpd configuration:
121 118 $HTTP["host"] == "example.org" {
122 119 $SERVER["socket"] == ":443" {
123 120 ssl.engine = "enable"
124 - ssl.pemfile = "/etc/letsencrypt/live/example.org/privkey+cert.pem"
125 - ssl.ca-file = "/etc/letsencrypt/live/example.org/chain.pem"
121 + ssl.pemfile = "/etc/letsencrypt/live/example.org/fullchain.pem"
122 + ssl.privkey = "/etc/letsencrypt/live/example.org/privkey.pem"
126 123
127 124 proxy.server = (
128 125 "" => (
@@ -136,17 +133,15 @@ Add to lighttpd configuration:
136 133 }
137 134
138 135 Let's Encrypt certificates expire every 90 days, so a cron job needs to be set up
139 - that will generate a new privkey+cert.pem file and reload lighttpd.
136 + to run certbot and reload lighttpd.
140 137
141 - $ vim /etc/cron.weekly/clif-letsencrypt
138 + $ vim /etc/cron.weekly/letsencrypt-renew
142 139 $ chmod +x /etc/cron.weekly/clif-letsencrypt
143 140
144 141 Content of /etc/cron.weekly/clif-letsencrypt:
145 142
146 143 #!/bin/sh
147 144 certbot renew --webroot -w /var/www/html
148 - cd /etc/letsencrypt/live/example.org
149 - cat privkey.pem cert.pem > privkey+cert.pem
150 145 systemctl restart lighttpd
151 146
152 147