Alexander Sayapin Teacher's site

Setup Let's Encrypt With Lighttpd on Ubuntu 16.04

Posted on Wed 01 April 2020

In General Questions.

tags: setup lighttpd ssl certbot


Introduction

Let’s Encrypt is a Certificate Authority (CA) that issues free SSL/TLS certificates. Lighttpd is a lightweight webserver that runs on low resources. Let’s Encrypt SSL certificates can easily be installed on a Lighttpd server using Certbot, a software client that automates most of the process of obtaining the certificates.

Prerequisites

This tutorial assumes that you have already created a Vultr Cloud Compute instance with Lighttpd installed on Ubuntu 16.04, have a domain name pointing to your server, and have logged in as root.

Step One: Install Certbot

The first step is to install Certbot. Add the Certbot repository. Press Enter when prompted for confirmation.

sudo add-apt-repository ppa:certbot/certbot

Install Certbot.

sudo apt-get update
sudo apt-get install certbot

Step Two: Obtain SSL Certificate

Once Certbot is installed, you can obtain an SSL certificate. Run the following command, replacing example.com with your own domain name:

sudo certbot certonly --webroot -w /var/www/html -d example.com -d www.example.com

Continue through the interactive installer.

Step Three: Setup Certificate Files for use with Lighttpd

Certbot will place the obtained certificate files in /etc/letsencrypt/live/example.com. You will need to grant the Lighttpd user access to this directory.

chown :www-data /etc/letsencrypt
chown :www-data /etc/letsencrypt/live
chmod g+x /etc/letsencrypt
chmod g+x /etc/letsencrypt/live

Lighttpd requires the certificate and private key to be in a single file. You will need to combine the two files. Run the following command, replacing example.com with your own domain name.

sudo bash -c "cat /etc/letsencrypt/live/example.com/privkey.pem /etc/letsencrypt/live/example.com/cert.pem > /etc/letsencrypt/live/example.com/merged.pem"

The privkey.pem and cert.pem files will be combined and saved as merged.pem.

Step Four: Configure Lighttpd

Once your certificate files are ready, you can go on and configure Lighttpd to use the SSL certificate. Open the Lighttpd configuration file for editing.

sudo nano /etc/lighttpd/lighttpd.conf

Add the following block at the end of the file, replacing example.com with your own domain name:

$SERVER["socket"] == ":443" {
    ssl.engine              = "enable"
    ssl.ca-file             = "/etc/letsencrypt/live/example.com/chain.pem"
    ssl.pemfile             = "/etc/letsencrypt/live/example.com/merged.pem"
}

Step Five: Force SSL Usage

For added security, you can force your Lighttpd server to route all HTTP requests to HTTPS. Open the lighttpd.conf file for editing.

sudo nano /etc/lighttpd/lighttpd.conf

Add the following block at the end of the file:

$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}

You will need to restart the Lighttpd server for the changes to take effect.

sudo systemctl restart lighttpd

Renewing the SSL Certificate

Let's Encrypt issues SSL certificates with a validity of 90 days. You will need to renew your certificate before it expires to avoid certificate errors. You can renew the certificate with Certbot.

sudo certbot renew

You will need to combine the certificate and private key for Lighttpd. Run the following command, replacing example.com with your domain name.

sudo bash -c "cat /etc/letsencrypt/live/example.com/privkey.pem /etc/letsencrypt/live/example.com/cert.pem > /etc/letsencrypt/live/example.com/merged.pem"

Your certificate will be renewed for another 90 days.
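The merge from Step Three and the manual re-merge after renewal can be handled by one Certbot deploy hook. The script below is an added example, not part of the original tutorial; the install path /etc/letsencrypt/renewal-hooks/deploy/lighttpd-merge.sh and the function name merge_pem are assumptions. Because merged.pem contains the private key, it is written with mode 0600 and swapped into place atomically.

```shell
#!/bin/sh
# Added example (not from the original tutorial): Certbot deploy hook that
# rebuilds merged.pem for Lighttpd after each successful renewal.
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/lighttpd-merge.sh

# merge_pem DIR: combine DIR/privkey.pem and DIR/cert.pem into DIR/merged.pem.
# Returns non-zero, leaving any existing merged.pem untouched, if an input is
# missing or does not look like the expected PEM type.
merge_pem() {
    dir=$1
    key="$dir/privkey.pem"
    crt="$dir/cert.pem"

    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null || {
        echo "merge_pem: no private key in $key" >&2; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$crt" 2>/dev/null || {
        echo "merge_pem: no certificate in $crt" >&2; return 1; }

    # mktemp creates the file with mode 0600, so the private key is never
    # written to a group- or world-readable file.
    tmp=$(mktemp "$dir/merged.pem.XXXXXX") || return 1
    if cat "$key" "$crt" > "$tmp"; then
        # Renaming within one directory is atomic: Lighttpd sees either the
        # old or the new complete file, never a truncated one.
        mv -f "$tmp" "$dir/merged.pem"
    else
        rm -f "$tmp"; return 1
    fi
}

# Certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/example.com)
# to deploy hooks; outside Certbot the variable is unset and nothing runs.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    merge_pem "$RENEWED_LINEAGE" && systemctl restart lighttpd
fi
```

The hook restarts Lighttpd only when the merge succeeded, so a failed renewal never replaces a working merged.pem.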

