爲ubuntu中的Lighttpd配置Lets Encrypt

Lighttpd是一個被遺忘的web服務器。本教程適用於ubuntu 16.04

安裝Lighttpd

apt install lighttpd

安裝letsencrypt

apt-get install letsencrypt

建立一個驗證目錄

mkdir -p /var/www/letsencrypt/.well-known/

添加Lighttpd目錄配置

alias.url += ( "/.well-known/" => "/var/www/letsencrypt/.well-known/" )

建立配置文件

/opt/letsencrypt/letsencrypt-auto certonly --webroot --manual-public-ip-logging-ok -d example.com --agree-tos -m you@example.com --text  -w /var/www/letsencrypt/

替換郵箱、域名，注意example.com無需加www

證書說明

• privkey.pem: 私鑰
• cert.pem: 只有服務器證書
• chain.pem: 根證書+中級證書
• fullchain.pem: 根證書+中級證書+服務器證書

續期

/opt/letsencrypt/certbot-auto renew

添加一個每週任務/etc/cron.weekly/letsencrypt輸入如下代碼

#!/bin/bash
/opt/letsencrypt/certbot-auto renew

配置Lighttpd

Lighttpd須要合併privkey.pem cert.pem

cd /etc/letsencrypt/live/example.com/
cat privkey.pem cert.pem > ssl.pem

在Lighttpd配置中添加

ssl.pemfile = /etc/letsencrypt/live/example.com/ssl.pem
ssl.ca-file = /etc/letsencrypt/live/example.com/chain.pem

更多參考

技巧

測試語法是否正確

lighttpd -t -f /etc/lighttpd/lighttpd.conf

後記

nginx中只需添加

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;