How to secure Lighttpd with Let's Encrypt TLS/SSL certificate on Debian/Ubuntu

To secure Lighttpd with a Let's Encrypt TLS/SSL certificate on Debian or Ubuntu, you will need to perform the following steps:

  1. Install the Let's Encrypt client, Certbot, by running the following command:
sudo apt-get install certbot
  2. Obtain a TLS/SSL certificate for your domain by running the following command, replacing <domain> with your domain name:
sudo certbot certonly --standalone -d <domain>

This will create a certificate and private key pair, and store them in the /etc/letsencrypt/live/<domain> directory. The --standalone option makes Certbot run its own temporary web server on port 80, so that port must be free while the command runs.

  3. Modify the Lighttpd configuration file, /etc/lighttpd/lighttpd.conf, to include the following lines:
$SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        # certificate followed by the intermediate chain
        ssl.pemfile = "/etc/letsencrypt/live/<domain>/fullchain.pem"
        # private key; ssl.privkey requires lighttpd 1.4.53 or later
        ssl.privkey = "/etc/letsencrypt/live/<domain>/privkey.pem"
}
  4. Restart Lighttpd to apply the changes:
sudo service lighttpd restart
  5. Test the TLS/SSL configuration by accessing your domain using https:// instead of http://.

Note that the TLS/SSL certificate issued by Let's Encrypt is only valid for 90 days. You will need to renew the certificate before it expires. To do this, you can run the following command:

sudo certbot renew

This will renew any certificate that is close to expiry and update the fullchain.pem and privkey.pem files in the /etc/letsencrypt/live/<domain> directory. Lighttpd keeps serving the old certificate until it is restarted, so you will need to restart Lighttpd to apply the changes.
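
The restart after renewal can be automated with a Certbot deploy hook, which Certbot runs after each successful renewal. The script below is an added example, not part of the original article; the install path /etc/letsencrypt/renewal-hooks/deploy/lighttpd.sh, the LIGHTTPD_CONF variable and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: certbot deploy hook for Lighttpd (not from the original article).
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/lighttpd.sh (executable).
# certbot exports RENEWED_LINEAGE to deploy hooks,
# e.g. /etc/letsencrypt/live/<domain>.

# Assumption: config path as used in the article; override via the environment.
LIGHTTPD_CONF="${LIGHTTPD_CONF:-/etc/lighttpd/lighttpd.conf}"

# Succeeds if an uncommented ssl.pemfile or ssl.privkey line in config file $1
# points into lineage directory $2.
conf_uses_lineage() {
    conf=$1
    lineage=${2%/}    # tolerate a trailing slash
    grep -v '^[[:space:]]*#' "$conf" |
        grep -E 'ssl\.(pemfile|privkey)[[:space:]]*=' |
        grep -qF -- "\"$lineage/"
}

deploy() {
    if ! conf_uses_lineage "$LIGHTTPD_CONF" "$RENEWED_LINEAGE"; then
        echo "lighttpd does not use $RENEWED_LINEAGE, nothing to do"
        return 0
    fi
    # -tt parses the config and initialises the modules without serving,
    # so a broken config is caught before the running instance is replaced.
    if ! lighttpd -tt -f "$LIGHTTPD_CONF"; then
        echo "lighttpd config test failed, keeping the running instance" >&2
        return 1
    fi
    service lighttpd restart
}

# Only act when certbot invoked this script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy
fi
```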

Created Time:2017-10-29 22:08:37  Author:lautturi