
#1 2021-02-12 08:28:06

brontosaurusrex
Middle Office
Registered: 2015-09-29
Posts: 2,215
Website

[Solved] https for dummies?

I guess I need a little 'https for dummies guide here'. Trying to add https to my home server and using certbot

sudo certbot certonly --webroot -w /home/pi/usbman/lightyroot -d myhome.sub.domain

populates /etc/letsencrypt/live/myhome.sub.domain with stuff like

cert.pem  chain.pem  fullchain.pem privkey.pem  README

Now this looks like I did something right here, the step I can't comprehend is how to config the lighty now.

This https://redmine.lighttpd.net/projects/1 … oSimpleSSL is unreadable to me and various random google hits on topic will guide me to the server that doesn't start... Any clues/guides?

edit: The first example is working (I guess that would be some sort of self-signed cert)

Last edited by brontosaurusrex (2021-02-12 13:52:08)

Offline

#2 2021-02-12 09:58:39

twoion
ほやほや
Registered: 2015-08-10
Posts: 3,101

Re: [Solved] https for dummies?

You need to set ssl.pemfile to the path to fullchain.pem and ssl.privkey to the path to privkey.pem, in addition to enabling the ssl.engine key to enable SSL (https://redmine.lighttpd.net/projects/1/wiki/docs_ssl). Because you use certbot, you don't need to configure anything about ACME challenges.


Music makes us braver

Online

#3 2021-02-12 11:04:33

brontosaurusrex
Middle Office
Registered: 2015-09-29
Posts: 2,215
Website

Re: [Solved] https for dummies?

@twoion, appreciated, after certbot command, I put

$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.privkey = "/etc/letsencrypt/live/my.sub.domain/privkey.pem"
  ssl.pemfile = "/etc/letsencrypt/live/my.sub.domain/fullchain.pem"
}

at the bottom of lighttpd.conf and seems to be working.

(Of course it wasn't that simple, first I had to find a badly formed alias and remove it, otherwise certbot couldn't run its verification...)

edit: I can't see any mention of

server.modules += ("mod_openssl")

in the lighttpd.conf (lighttpd/1.4.53)

edit2: For future me: Auto renewal cron seems to be automagically created in Debian

cat /etc/cron.d/certbot

Last edited by brontosaurusrex (2021-02-12 13:51:50)

Offline
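
Added example, not part of any post in this thread: a small lint for the lighttpd settings discussed above, checking that each TLS socket block enables ssl.engine, points ssl.pemfile at certbot's fullchain.pem rather than cert.pem or chain.pem, and sets ssl.privkey from the same certbot directory. The function names, finding codes and the sample config (post #3's block plus a constructed commented-out line) are assumptions made for illustration.

```python
import posixpath
import re

# Constructed sample: the socket block from post #3 inside a minimal config.
SAMPLE_CONF = '''\
server.port = 80
# $SERVER["socket"] == ":8443" { ssl.engine = "enable" }
$SERVER["socket"] == ":443" {
  ssl.engine = "enable"
  ssl.privkey = "/etc/letsencrypt/live/my.sub.domain/privkey.pem"
  ssl.pemfile = "/etc/letsencrypt/live/my.sub.domain/fullchain.pem"
}
'''

# Limitation: a nested { } inside a socket block ends the match early.
SOCKET_BLOCK = re.compile(r'\$SERVER\["socket"\]\s*==\s*"([^"]*)"\s*\{(.*?)\}', re.S)
SETTING = re.compile(r'^\s*(ssl\.[\w.-]+)\s*=\s*"([^"]*)"', re.M)

def ssl_sockets(conf_text):
    """Map each $SERVER["socket"] value to its ssl.* settings, skipping comment lines."""
    live = re.sub(r'(?m)^\s*#.*$', '', conf_text)
    return {m.group(1): dict(SETTING.findall(m.group(2)))
            for m in SOCKET_BLOCK.finditer(live)}

def lint(conf_text):
    """Return (socket, code) findings for certbot-style certificate paths."""
    findings = []
    for sock, cfg in ssl_sockets(conf_text).items():
        pem, key = cfg.get("ssl.pemfile", ""), cfg.get("ssl.privkey", "")
        if cfg.get("ssl.engine") != "enable":
            findings.append((sock, "engine-off"))  # block does not turn TLS on
            continue
        if not pem:
            findings.append((sock, "no-pemfile"))
        elif posixpath.basename(pem) in ("cert.pem", "chain.pem"):
            # cert.pem is the leaf only, chain.pem the intermediates only;
            # fullchain.pem carries both.
            findings.append((sock, "incomplete-chain"))
        if not key:
            # fullchain.pem holds no private key, so ssl.privkey must be set.
            findings.append((sock, "no-privkey"))
        elif pem and posixpath.dirname(key) != posixpath.dirname(pem):
            # Heuristic: key and cert taken from different certbot directories.
            findings.append((sock, "lineage-mismatch"))
    return findings

if __name__ == "__main__":
    print(lint(SAMPLE_CONF) or "no findings")
```
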
