You are not logged in.

#1 2021-02-12 08:28:06

Middle Office
Registered: 2015-09-29
Posts: 2,352

[Solved] https for dummies?

I guess I need a little 'https for dummies guide here'. Trying to add https to my home server and using certbot

sudo certbot certonly --webroot -w /home/pi/usbman/lightyroot -d myhome.sub.domain

populates /etc/letsencrypt/live/myhome.sub.domain with stuff like

cert.pem  chain.pem  fullchain.pem privkey.pem  README

Now this looks like I did something right here, the step I can't comprehend is how to config the lighty now.

This … oSimpleSSL is unreadble to me and various random google hits on topic will guide me to the server that doesn't start... Any clues/guides?

edit: The first example is working (I guess that would be some sort of self-signed cert)

Last edited by brontosaurusrex (2021-02-12 13:52:08)


#2 2021-02-12 09:58:39

Registered: 2015-08-10
Posts: 3,239

Re: [Solved] https for dummies?

You need to set ssl.pemfile to the path to fullchain.pem and ssl.privkey to the path to privkey.pem, in addition to enabling the ssl.engine key to enable SSL Because you use certbot, you don't need to configure anything about ACME challenges.



#3 2021-02-12 11:04:33

Middle Office
Registered: 2015-09-29
Posts: 2,352

Re: [Solved] https for dummies?

@twoion, appreciated, after certbot command, I put

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.privkey = "/etc/letsencrypt/live/my.sub.domain/privkey.pem"
  ssl.pemfile = "/etc/letsencrypt/live/my.sub.domain/fullchain.pem"

at the bottom of lighttpd.conf and seems to be working.

(Of course it wasn't that simple, 1st I had to find badly formed alias and remove it, otherwise certbot couldn't run its verification...)

edit: I can't see any mention of

server.modules += ("mod_openssl")

in the lighttpd.conf (lighttpd/1.4.53)

edit2: For future me: Auto renewal cron seems to be automagically created in Debian

cat /etc/cron.d/certbot

Last edited by brontosaurusrex (2021-02-12 13:51:50)


Board footer

Powered by FluxBB