Kenneth Parker wrote: 
> I use lighttpd for, with nano as my editor. I don't
> quite understand the Certificates required for https. I guess it is time
> for some lessons.

The easiest thing to do here is to install certbot.

Assuming that your web root is /var/www and your domain name is

certbot certonly --webroot -w /var/www -d -d

It will ask you some questions, then it should drop some files
in /etc/letsencrypt/live/

Now you need to combine those files for lighttpd:

cat /etc/letsencrypt/live/ \
/etc/letsencrypt/live/ > \

And then tell lighttpd to use it:

$SERVER["socket"] == ":443" {
 ssl.engine   = "enable"  = "/etc/letsencrypt/live/"
 ssl.pemfile  = "/etc/letsencrypt/live/"

And restart lighttpd. Test your new 

Last step: create a cron job to run once a week that does

certbot renew && \
cat /etc/letsencrypt/live/ \
/etc/letsencrypt/live/ > \
/etc/letsencrypt/live/eyeblinkuniverse/merged.pem && \
service lighttpd restart

That should take care of you. If you run into trouble, you're
using the largest issuer of SSL certs and the most popular
client, and the cron job should let you know a month before the
cert actually expires.


Reply via email to