Let's Encrypt via Certbot

Information

Installation

yum search certbot
yum install certbot

Enable SSL

vim /etc/lighttpd/vhosts.d/ssl.conf
> $SERVER["socket"] == ":443" {
>     ssl.engine = "enable"
>     ssl.pemfile = "/etc/letsencrypt/live/laukien.com/web.pem"
>     ssl.ca-file = "/etc/letsencrypt/live/laukien.com/chain.pem"
> }

Create the certificate

#certbot certonly --dry-run -d laukien.com
certbot certonly --webroot -w /var/www/lighttpd/laukien.com -d laukien.com -d www.laukien.com

Combine the certificate files:

cat /etc/letsencrypt/live/laukien.com/cert.pem /etc/letsencrypt/live/laukien.com/privkey.pem > /etc/letsencrypt/live/laukien.com/web.pem

Create the challenge directory:

cd /var/www/lighttpd/laukien.com
mkdir -p .well-known/acme-challenge
cd .well-known/acme-challenge

vim /etc/lighttpd/vhosts.d/laukien.com.conf
> …
> } else $HTTP["host"] == "my.laukien.com" {
>     server.document-root = "/var/www/lighttpd/laukien.com/"
>     cgi.assign = (".pl" => "/usr/bin/perl")
>     index-file.names = ("index.pl")
>     server.error-handler-404 = "/error.pl"
>     alias.url += ("/impressum" => server.document-root + "/imprint.pl")
>     url.rewrite-once = (
>         "^/.well-known/acme-challenge/(.*)" => "/.well-known/acme-challenge/$1",
>         "^/admin/(.*)" => "/admin/$1",
> …

Activate the configuration

systemctl restart lighttpd

Renewal

#certbot renew --dry-run

certbot renew 
cat /etc/letsencrypt/live/laukien.com/cert.pem /etc/letsencrypt/live/laukien.com/privkey.pem > /etc/letsencrypt/live/laukien.com/web.pem
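
The renewal step above, wrapped as a certbot deploy hook (an added example, not part of the original page): it rebuilds web.pem atomically with owner-only permissions, because the file contains the private key, and then restarts lighttpd. RENEWED_LINEAGE is the variable certbot exports to deploy hooks; the function name build_combined_pem and the hook path in the usage note are assumptions.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the lighttpd setup on this page.
# certbot exports RENEWED_LINEAGE (here: /etc/letsencrypt/live/laukien.com)
# to deploy hooks after a successful renewal.

# build_combined_pem LIVE_DIR  (hypothetical helper name)
# Rebuilds LIVE_DIR/web.pem (cert.pem + privkey.pem) for ssl.pemfile.
build_combined_pem() {
    dir=$1
    cert="$dir/cert.pem"
    key="$dir/privkey.pem"

    # Refuse to build from missing or obviously wrong inputs, so a failed
    # run never replaces a working web.pem with a broken one.
    if [ ! -s "$cert" ] || [ ! -s "$key" ]; then
        echo "missing cert.pem or privkey.pem in $dir" >&2
        return 1
    fi
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || {
        echo "$cert is not a PEM certificate" >&2; return 1; }
    grep -q -- 'PRIVATE KEY-----' "$key" || {
        echo "$key is not a PEM private key" >&2; return 1; }

    # web.pem holds the private key: create the temp file unreadable for
    # other users, then rename it into place so lighttpd never sees a
    # half-written file.
    tmp=$(umask 077; mktemp "$dir/web.pem.XXXXXX") || return 1
    if cat "$cert" "$key" > "$tmp" && chmod 600 "$tmp" \
        && mv -f "$tmp" "$dir/web.pem"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Act only when invoked by certbot as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_combined_pem "$RENEWED_LINEAGE" && systemctl restart lighttpd
fi
```

Saved for instance as /usr/local/sbin/lighttpd-deploy-hook.sh (assumed path), it is registered with `certbot renew --deploy-hook /usr/local/sbin/lighttpd-deploy-hook.sh`.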