On Thu, Apr 15, 2021, 9:32 AM Dan Ritter <d...@randomstring.org> wrote:
> Kenneth Parker wrote:
> >
> > I use lighttpd for eyeblinkuniverse.com, with nano as my editor.  I don't
> > quite understand the Certificates required for https.  I guess it is time
> > for some lessons.
>
> The easiest thing to do here is to install certbot.
>
> Assuming that your web root is /var/www and your domain name is
> eyeblinkuniverse.com:
>
> certbot certonly --webroot -w /var/www -d eyeblinkuniverse.com -d www.eyeblinkuniverse.com
>
> It will ask you some questions, then it should drop some files
> in /etc/letsencrypt/live/eyeblinkuniverse.com/
>
> Now you need to combine those files for lighttpd:
>
> cat /etc/letsencrypt/live/eyeblinkuniverse.com/privkey.pem \
>     /etc/letsencrypt/live/eyeblinkuniverse.com/cert.pem > \
>     /etc/letsencrypt/live/eyeblinkuniverse.com/merged.pem
>
> And then tell lighttpd to use it:
>
> $SERVER["socket"] == ":443" {
>   ssl.engine = "enable"
>   ssl.ca-file = "/etc/letsencrypt/live/eyeblinkuniverse.com/chain.pem"
>   ssl.pemfile = "/etc/letsencrypt/live/eyeblinkuniverse.com/merged.pem"
> }
>
> And restart lighttpd. Test your new https://www.eyeblinkuniverse.com
>
> Last step: create a cron job to run once a week that does
> this:
>
> certbot renew && \
>   cat /etc/letsencrypt/live/eyeblinkuniverse.com/privkey.pem \
>       /etc/letsencrypt/live/eyeblinkuniverse.com/cert.pem > \
>       /etc/letsencrypt/live/eyeblinkuniverse.com/merged.pem && \
>   service lighttpd restart
>
> That should take care of you. If you run into trouble, you're
> using the largest issuer of SSL certs and the most popular
> client, and the cron job should let you know a month before the
> cert actually expires.

Wow.  Thanks!  I had also discussed this with the Support Staff at Linode.
You said it "MUCH" clearer than they did.

I am in the process of a System Upgrade (from Ubuntu 14.04 to Debian Buster)
and this will become one of my more enjoyable tasks.

Kenneth Parker
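
The merge-and-restart step from the quoted instructions, as an added example that is not part of either poster's message: it builds merged.pem (which contains the private key) through an owner-only temp file and an atomic rename, leaves a working file untouched when an input is missing or empty, and reports whether a restart is needed. The function name and return codes are this example's own; it assumes it is run as a certbot deploy hook, where certbot sets RENEWED_LINEAGE to the certificate's live directory.

```shell
#!/bin/sh
# Added example: safer replacement for "cat privkey.pem cert.pem > merged.pem".

# build_merged_pem LIVE_DIR
# Returns 0 if merged.pem was (re)written, 1 if it was already current,
# 2 on error (merged.pem is left as it was).
build_merged_pem() {
    live=$1
    key=$live/privkey.pem
    cert=$live/cert.pem
    out=$live/merged.pem

    # Refuse missing or empty inputs so a failed renewal never replaces
    # a working merged.pem with a truncated one.
    [ -s "$key" ] && [ -s "$cert" ] || return 2

    # mktemp creates the file with mode 0600; keeping it in the same
    # directory makes the final mv an atomic rename.
    tmp=$(mktemp "$live/merged.pem.XXXXXX") || return 2

    if ! cat "$key" "$cert" > "$tmp"; then
        rm -f "$tmp"
        return 2
    fi

    # Unchanged content: keep the existing file, no restart needed.
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"
        return 1
    fi

    chmod 600 "$tmp" && mv -f "$tmp" "$out" || { rm -f "$tmp"; return 2; }
    return 0
}

# Act only when certbot invokes this file as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    rc=0
    build_merged_pem "$RENEWED_LINEAGE" || rc=$?
    case $rc in
        0) service lighttpd restart ;;   # new certificate in place
        1) : ;;                          # nothing changed
        *) exit 2 ;;                     # surface the failure to certbot
    esac
fi
```

Saved as an executable file, it can be passed to `certbot renew --deploy-hook /path/to/script`, so lighttpd restarts only when a certificate was actually renewed.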