I guess I need a little 'https for dummies' guide here. Trying to add https to my home server using certbot:
sudo certbot certonly --webroot -w /home/pi/usbman/lightyroot -d myhome.sub.domain
populates /etc/letsencrypt/live/myhome.sub.domain with stuff like
cert.pem chain.pem fullchain.pem privkey.pem README
Now this looks like I did something right here, the step I can't comprehend is how to config the lighty now.
This https://redmine.lighttpd.net/projects/1 … oSimpleSSL is unreadable to me, and various random Google hits on the topic guide me to a server that doesn't start... Any clues/guides?
edit: The first example is working (I guess that would be some sort of self-signed cert)
Last edited by brontosaurusrex (2021-02-12 13:52:08)
You need to set ssl.pemfile to the path to fullchain.pem and ssl.privkey to the path to privkey.pem, in addition to enabling the ssl.engine key to enable SSL (see https://redmine.lighttpd.net/projects/1/wiki/docs_ssl). Because you use certbot, you don't need to configure anything about ACME challenges.
Music makes us braver
@twoion, appreciated. After the certbot command, I put
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.privkey = "/etc/letsencrypt/live/my.sub.domain/privkey.pem"
    ssl.pemfile = "/etc/letsencrypt/live/my.sub.domain/fullchain.pem"
}
at the bottom of lighttpd.conf and it seems to be working.
(Of course it wasn't that simple; first I had to find a badly formed alias and remove it, otherwise certbot couldn't run its verification...)
edit: I can't see any mention of
server.modules += ("mod_openssl")
in the lighttpd.conf (lighttpd/1.4.53)
edit2: For future me: Auto renewal cron seems to be automagically created in Debian
cat /etc/cron.d/certbot
Last edited by brontosaurusrex (2021-02-12 13:51:50)
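Added example (not part of the original posts): a small Python check for the $SERVER["socket"] block shown above, assuming certbot's /etc/letsencrypt/live/<name>/ layout with fullchain.pem and privkey.pem. The function name check_tls_blocks and both sample configs are constructed for illustration; it flags a leaf-only cert.pem, a missing key, and a key taken from a different certificate directory.

```python
import posixpath
import re

# Constructed samples: the block from the thread, and a copy with two mistakes.
SAMPLE_GOOD = '''
$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.privkey = "/etc/letsencrypt/live/my.sub.domain/privkey.pem"
    ssl.pemfile = "/etc/letsencrypt/live/my.sub.domain/fullchain.pem"
}
'''
SAMPLE_BAD = SAMPLE_GOOD.replace("fullchain.pem", "cert.pem").replace(
    "my.sub.domain/privkey.pem", "other.example/privkey.pem")

# Simple, non-nested socket blocks only (enough for a config like the one above).
BLOCK = re.compile(r'\$SERVER\["socket"\]\s*==\s*"([^"]*)"\s*\{(.*?)\}', re.S)
DIRECTIVE = re.compile(r'^\s*(ssl\.[\w.-]+)\s*=\s*"([^"]*)"', re.M)

def check_tls_blocks(conf_text):
    """Return a list of (socket, problem) tuples for TLS-enabled socket blocks."""
    conf_text = re.sub(r'(?m)^\s*#.*$', '', conf_text)  # drop full-line comments
    findings = []
    for socket, body in BLOCK.findall(conf_text):
        opts = dict(DIRECTIVE.findall(body))
        if opts.get("ssl.engine") != "enable":
            continue  # not a TLS listener
        pem, key = opts.get("ssl.pemfile"), opts.get("ssl.privkey")
        if not pem or not key:
            # certbot writes the key to its own file, so both paths are needed
            findings.append((socket, "need both ssl.pemfile and ssl.privkey"))
            continue
        if posixpath.basename(pem) != "fullchain.pem":
            # cert.pem holds only the leaf; clients may fail to build the chain
            findings.append((socket, "ssl.pemfile is %s, expected fullchain.pem"
                             % posixpath.basename(pem)))
        if posixpath.basename(key) != "privkey.pem":
            findings.append((socket, "ssl.privkey is %s, expected privkey.pem"
                             % posixpath.basename(key)))
        if posixpath.dirname(pem) != posixpath.dirname(key):
            findings.append((socket, "certificate and key come from different directories"))
    return findings

if __name__ == "__main__":
    for name, conf in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD)):
        print(name, check_tls_blocks(conf) or "OK")
```

To check a real file, pass the contents of lighttpd.conf to check_tls_blocks(); an empty list means no problem was found by these checks.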