![[BunsenLabs Logo]](/img/bl.svg)
You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2021-02-12 08:28:06
- brontosaurusrex
- Middle Office
- Registered: 2015-09-29
- Posts: 2,215
- Website
[Solved] https for dummies?
I guess I need a little 'https for dummies guide here'. Trying to add https to my home server and using certbot
sudo certbot certonly --webroot -w /home/pi/usbman/lightyroot -d myhome.sub.domainpopulates /etc/letsencrypt/live/myhome.sub.domain with stuff like
cert.pem chain.pem fullchain.pem privkey.pem READMENow this looks like I did something right here, the step I can't comprehend is how to config the lighty now.
This https://redmine.lighttpd.net/projects/1 … oSimpleSSL is unreadble to me and various random google hits on topic will guide me to the server that doesn't start... Any clues/guides?
edit: The first example is working (I guess that would be some sort of self-signed cert)
Last edited by brontosaurusrex (2021-02-12 13:52:08)
Offline
#2 2021-02-12 09:58:39
- twoion
- ほやほや
- Registered: 2015-08-10
- Posts: 3,101
Re: [Solved] https for dummies?
You need to set ssl.pemfile to the path to fullchain.pem and ssl.privkey to the path to privkey.pem, in addition to enabling the ssl.engine key to enable SSL https://redmine.lighttpd.net/projects/1/wiki/docs_ssl. Because you use certbot, you don't need to configure anything about ACME challenges.
Music makes us braver
Offline
#3 2021-02-12 11:04:33
- brontosaurusrex
- Middle Office
- Registered: 2015-09-29
- Posts: 2,215
- Website
Re: [Solved] https for dummies?
@twoion, appreciated, after certbot command, I put
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.privkey = "/etc/letsencrypt/live/my.sub.domain/privkey.pem"
ssl.pemfile = "/etc/letsencrypt/live/my.sub.domain/fullchain.pem"
}at the bottom of lighttpd.conf and seems to be working.
(Of course it wasn't that simple, 1st I had to find badly formed alias and remove it, otherwise certbot couldn't run its verification...)
edit: I can't see any mention of
server.modules += ("mod_openssl")in the lighttpd.conf (lighttpd/1.4.53)
edit2: For future me: Auto renewal cron seems to be automagically created in Debian
cat /etc/cron.d/certbotLast edited by brontosaurusrex (2021-02-12 13:51:50)
Offline
Pages: 1