From fe4c57a690d6dcc8aacf6e40035590268c702091 Mon Sep 17 00:00:00 2001 From: zPlus Date: Tue, 18 Jun 2024 22:21:01 +0200 Subject: [PATCH] Update lighttpd instructions for configuring SSL certificate. --- documentation/administrators | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/documentation/administrators b/documentation/administrators index 7f53a04..878f41d 100644 --- a/documentation/administrators +++ b/documentation/administrators @@ -96,9 +96,6 @@ with also a TLS certificate. certbot certonly --webroot -w /var/www/html -d example.org The cert is created in /etc/letsencrypt/live/example.org/ -Lighttpd requires the certificate and private key to be in a single file: - - cat privkey.pem cert.pem > privkey+cert.pem Add to lighttpd configuration: @@ -121,8 +118,8 @@ Add to lighttpd configuration: $HTTP["host"] == "example.org" { $SERVER["socket"] == ":443" { ssl.engine = "enable" - ssl.pemfile = "/etc/letsencrypt/live/example.org/privkey+cert.pem" - ssl.ca-file = "/etc/letsencrypt/live/example.org/chain.pem" + ssl.pemfile = "/etc/letsencrypt/live/example.org/fullchain.pem" + ssl.privkey = "/etc/letsencrypt/live/example.org/privkey.pem" proxy.server = ( "" => ( @@ -136,17 +133,15 @@ Add to lighttpd configuration: } Let's Encrypt certificates expire every 90 days, so a cron job needs to be set up -that will generate a new privkey+cert.pem file and reload lighttpd. +to run certbot and reload lighttpd. - $ vim /etc/cron.weekly/clif-letsencrypt + $ vim /etc/cron.weekly/letsencrypt-renew $ chmod +x /etc/cron.weekly/clif-letsencrypt Content of /etc/cron.weekly/clif-letsencrypt: #!/bin/sh certbot renew --webroot -w /var/www/html - cd /etc/letsencrypt/live/example.org - cat privkey.pem cert.pem > privkey+cert.pem systemctl restart lighttpd
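Review bot: The `ssl.privkey` line added in the `@@ -121,8 +118,8 @@` hunk needs a version caveat in the surrounding text. As far as I know, lighttpd only accepts a separate `ssl.privkey` from 1.4.53 onward, and older builds expect the private key inside the file named by `ssl.pemfile`. I would add one sentence before the config block, for example `Requires lighttpd 1.4.53 or later; older versions need the key and certificate concatenated in ssl.pemfile.` The config block continues past the end of this hunk.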
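Review bot: The cron file name is inconsistent after the `@@ -136,17 +133,15 @@` hunk: the editor command now creates `/etc/cron.weekly/letsencrypt-renew`, but the unchanged lines `chmod +x /etc/cron.weekly/clif-letsencrypt` and `Content of /etc/cron.weekly/clif-letsencrypt:` still use the old name. An administrator following the steps literally ends up with a renewal script that is not executable, so the weekly job would presumably be skipped and the certificate would expire with no error at setup time. Both remaining lines should be changed to `letsencrypt-renew`. Separately, the prose says "reload" while the script runs `systemctl restart lighttpd` every week whether or not anything was renewed; `certbot renew --webroot -w /var/www/html --deploy-hook "systemctl reload lighttpd"` would limit that to actual renewals.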