Kenneth Parker wrote:
>
> I use lighttpd for eyeblinkuniverse.com, with nano as my editor. I don't
> quite understand the Certificates required for https. I guess it is time
> for some lessons.

The easiest thing to do here is to install certbot.

Assuming that your web root is /var/www and your domain name is
eyeblinkuniverse.com:

    certbot certonly --webroot -w /var/www -d eyeblinkuniverse.com -d www.eyeblinkuniverse.com

It will ask you some questions, then it should drop some files
in /etc/letsencrypt/live/eyeblinkuniverse.com/

Now you need to combine those files for lighttpd:

    cat /etc/letsencrypt/live/eyeblinkuniverse.com/privkey.pem \
        /etc/letsencrypt/live/eyeblinkuniverse.com/cert.pem > \
        /etc/letsencrypt/live/eyeblinkuniverse.com/merged.pem

And then tell lighttpd to use it:

    $SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        ssl.ca-file = "/etc/letsencrypt/live/eyeblinkuniverse.com/chain.pem"
        ssl.pemfile = "/etc/letsencrypt/live/eyeblinkuniverse.com/merged.pem"
    }

And restart lighttpd. Test your new https://www.eyeblinkuniverse.com

Last step: create a cron job to run once a week that does this:

    certbot renew && \
    cat /etc/letsencrypt/live/eyeblinkuniverse.com/privkey.pem \
        /etc/letsencrypt/live/eyeblinkuniverse.com/cert.pem > \
        /etc/letsencrypt/live/eyeblinkuniverse.com/merged.pem && \
    service lighttpd restart

That should take care of you. If you run into trouble, you're
using the largest issuer of SSL certs and the most popular
client, and the cron job should let you know a month before the
cert actually expires.
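
An added example, not part of the original message: the merge step from the reply written as a certbot deploy hook, so the bundle is rebuilt and lighttpd restarted only when a certificate was actually renewed. It assumes certbot's `--deploy-hook` option and its `RENEWED_LINEAGE` variable; the function name `merge_pem` is made up here. Because merged.pem contains the private key, it is written through a mode-600 temporary file and renamed into place.

```shell
#!/bin/sh
# Added example (not from the original message).
# Assumed usage: certbot renew --deploy-hook /usr/local/sbin/lighttpd-merge.sh
# (the script path is hypothetical).

# merge_pem DIR: build DIR/merged.pem from DIR/privkey.pem and DIR/cert.pem.
merge_pem() {
    live_dir=$1
    key="$live_dir/privkey.pem"
    cert="$live_dir/cert.pem"
    out="$live_dir/merged.pem"

    # Refuse to build a bundle from missing or empty inputs.
    for f in "$key" "$cert"; do
        [ -s "$f" ] || { echo "merge_pem: missing or empty: $f" >&2; return 1; }
    done

    # Sanity-check that each file is the kind of PEM object we expect.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" ||
        { echo "merge_pem: no private key in $key" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" ||
        { echo "merge_pem: no certificate in $cert" >&2; return 1; }

    # Temp file in the same directory so the final mv is an atomic rename;
    # umask 077 keeps the key unreadable to other users at every moment.
    tmp=$(umask 077 && mktemp "$live_dir/merged.pem.XXXXXX") || return 1
    if cat "$key" "$cert" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# certbot sets RENEWED_LINEAGE to the live/<domain> directory of the
# certificate it just renewed; when run outside certbot this is skipped.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    merge_pem "$RENEWED_LINEAGE" && service lighttpd restart
fi
```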