Create Certificates
1. Configure your webserver to host on a particular domain name. Have it listening on ports 80 and 443 and ensure that these ports are forwarded by your internet-facing router.
Download certbot: https://certbot.eff.org/
Run as root
#certbot certonly --manual
Follow the on-screen instructions and enter your domain name when prompted.
It will then ask you to place a file and make it available on your website. This can normally be done in the folder:
/var/www/.well-known/acme-challenge
Place Certificates into Webserver
2. Once this has been done, certbot will create some .pem files in a folder such as
/etc/letsencrypt/live/domainname.com
Navigate to the folder and copy these pem files to your webserver’s /etc/lighttpd/ssl folder. Be sure to copy the actual files and not the symbolic links.
Navigate to the location of these pem files on the webserver.
#cat privkey.pem cert.pem > combined.pem
Update Lighttpd server configuration
Edit the lighttpd.conf file at /etc/lighttpd.conf
Navigate to the section where you find server.port=80 and set up the server as follows. This will also set up redirection so that all port 80 traffic is forwarded to HTTPS on port 443.
server.port = 80

$SERVER["socket"] == ":443" {
    ssl.engine  = "enable"
    ssl.ca-file = "/etc/lighttpd/ssl/fullchain1.pem"
    ssl.pemfile = "/etc/lighttpd/ssl/combined.pem"
}

$SERVER["socket"] == ":80" {
    $HTTP["host"] =~ "(.*)" {
        url.redirect = ( "^/(.*)" => "https://%1/$1" )
    }
}
You may need to enable redirection in your lighttpd server. To do this, edit /etc/lighttpd/modules.conf
and uncomment the "mod_redirect" line so that it looks something like the below.
server.modules = (
  "mod_access",
#  "mod_alias",
#  "mod_auth",
#  "mod_evasive",
  "mod_redirect",
#  "mod_rewrite",
#  "mod_setenv",
#  "mod_usertrack",
)
(Re)start the webserver
#lighttpd -f /etc/lighttpd.conf
or something like
#/etc/init.d/lighttpd restart
Hope some of you find it useful. Note that the certificates need to be renewed every 90 days.
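As an added example (not part of the original post), the script below rebuilds combined.pem from step 2 with owner-only permissions, confirms that privkey.pem and cert.pem belong together, and reports when the 90-day renewal is due. The function names, the 30-day warning window and the throwaway self-signed sample are assumptions made for illustration; it requires the openssl command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post): build combined.pem with safe
# permissions and sanity-check it before restarting lighttpd.

# Concatenate key + cert into DIR/combined.pem, readable by the owner only,
# because the file contains the private key.
build_combined() {
    [ -f "$1/privkey.pem" ] && [ -f "$1/cert.pem" ] || return 2
    ( umask 077; cat "$1/privkey.pem" "$1/cert.pem" > "$1/combined.pem" ) || return 2
    chmod 600 "$1/combined.pem"   # also tightens a pre-existing, looser file
}

# Succeed only if privkey.pem and cert.pem carry the same public key.
key_matches_cert() {
    k=$(openssl pkey -in "$1/privkey.pem" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$1/cert.pem" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed if cert.pem expires within DAYS days, i.e. renewal is due.
expires_within() {
    ! openssl x509 -in "$1/cert.pem" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample input: a throwaway self-signed pair valid for DAYS days.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.invalid" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Full check for one directory; prints a verdict, non-zero status on failure.
check_dir() {
    build_combined "$1"   || { echo "missing privkey.pem or cert.pem"; return 1; }
    key_matches_cert "$1" || { echo "private key does not match certificate"; return 1; }
    if expires_within "$1" 30; then echo "OK, but renew now"; else echo "OK"; fi
}

# Usage: sh check_pem.sh /etc/lighttpd/ssl
if [ -n "${1:-}" ]; then check_dir "$1"; fi
```

Run it against the folder holding the copied pem files after each renewal, and restart lighttpd only when it prints OK.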