How to set up LetsEncrypt for Linux and lighttpd (Manual)

Create Certificates

1. Configure your webserver to host on a particular domain name. Have it listening on ports 80 and 443 and ensure that these ports are forwarded by your internet-facing router.

Download certbot: https://certbot.eff.org/

Run as root

#certbot certonly --manual

Follow the on screen instructions and enter in your domain name when prompted.

It will then ask you to place a file and make it available on your website. This can normally be done in the folder:

/var/www/.well-known/acme-challenge

Place Certificates into Webserver

2. Once this has been done, certbot will create some .pem files in a folder such as

/etc/letsencrypt/live/domainname.com

Navigate to the folder and copy these pem files to your webserver’s /etc/lighttpd/ssl folder. Be sure to copy the actual files and not the symbolic links.

Navigate to the location of these pem files on the webserver.

#cat privkey.pem cert.pem > combined.pem
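
The copy and combine steps above as one shell function. This is an added example, not part of the original post: the helper names are hypothetical, and it assumes certbot's live folder holds privkey.pem, cert.pem and fullchain.pem and that the chain file should be stored as fullchain1.pem, the name the lighttpd.conf below refers to.

```shell
#!/bin/sh
# Added example, not from the original post: build lighttpd's PEM files from
# certbot's live folder, keeping the private key readable by its owner only.

# Succeeds when FILE is a regular file, not a symlink, with no group/other bits.
owner_only() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# install_lighttpd_pems LIVE_DIR SSL_DIR  (hypothetical helper name)
install_lighttpd_pems() {
    live_dir=$1
    ssl_dir=$2
    # Stop early if an input is missing or is not the expected kind of PEM.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$live_dir/privkey.pem" 2>/dev/null || {
        echo "privkey.pem: missing or not a PEM private key" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$live_dir/cert.pem" 2>/dev/null || {
        echo "cert.pem: missing or not a PEM certificate" >&2; return 1; }
    [ -r "$live_dir/fullchain.pem" ] || {
        echo "fullchain.pem: missing or unreadable" >&2; return 1; }
    (
        umask 077                      # files created below get mode 0600
        mkdir -p "$ssl_dir" || exit 1
        tmp="$ssl_dir/.combined.pem.$$"
        # cat reads through certbot's symlinks, so real file contents are written.
        # Same order as the post: private key first, then certificate.
        cat "$live_dir/privkey.pem" "$live_dir/cert.pem" > "$tmp" || exit 1
        # Rename into place so the server never reads a half-written file.
        mv -f "$tmp" "$ssl_dir/combined.pem" || exit 1
        # Stored under the name used by ssl.ca-file in the post's lighttpd.conf.
        cat "$live_dir/fullchain.pem" > "$ssl_dir/fullchain1.pem" || exit 1
    ) || return 1
    # Fail loudly if the key file ended up readable by group or others.
    owner_only "$ssl_dir/combined.pem"
}

# Example call with the folders named in the post (run as root):
#   install_lighttpd_pems /etc/letsencrypt/live/domainname.com /etc/lighttpd/ssl
```

The function returns non-zero when an input is missing or when combined.pem ends up readable by anyone other than its owner, so it can also be run after each renewal.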

Update Lighttpd server configuration

Edit the lighttpd.conf file in /etc/lighttpd.conf

Navigate to the section where you find server.port=80 and set up the server as follows. This will also set up redirection so that all port 80 traffic is forwarded to HTTPS on port 443.

server.port = 80
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.ca-file = "/etc/lighttpd/ssl/fullchain1.pem"
    ssl.pemfile = "/etc/lighttpd/ssl/combined.pem"
}
$SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(.*)" {
        url.redirect = ( "^/(.*)" => "https://%1/$1" )
    }
}

You may need to enable redirection in your lighttpd server. To do this, edit /etc/lighttpd/modules.conf and uncomment the "mod_redirect" line so that it looks something like the example below.

server.modules = (
    "mod_access",
#   "mod_alias",
#   "mod_auth",
#   "mod_evasive",
    "mod_redirect",
#   "mod_rewrite",
#   "mod_setenv",
#   "mod_usertrack",
)

(Re)start the webserver

#lighttpd -f /etc/lighttpd.conf

or something like

#/etc/init.d/lighttpd restart

Hope some of you find it useful. Note that the certificates need to be renewed every 90 days.