How To Install Let’s Encrypt SSL With Lighttpd on CentOS 7

Let’s Encrypt is a free, open certificate authority (CA) that provides free certificates for websites and other services. The service is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai. Unfortunately, Let’s Encrypt certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.

Table of Contents

Step 1. First let’s start by ensuring your system is up-to-date.

Step 2. Installing Let’s Encrypt SSL using Certbot.

Step 3. Configure Lighttpd For Your New Cert.

Step 4. Force HTTPS requests for Lighttpd.

Step 5. Set Up Let’s Encrypt SSL Auto Renewal.

 

Prerequisites

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, host your site on your own VPS. The installation is quite simple and assumes you are running as the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will walk you through the step-by-step installation of Let’s Encrypt SSL with Lighttpd on a CentOS 7 server.

Install Let’s Encrypt SSL With Lighttpd on CentOS 7

Step 1. First let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing Let’s Encrypt SSL using Certbot.

In CentOS 7, Certbot is available from the EPEL repository; enable EPEL first, then install Certbot:

yum install epel-release
yum install certbot

You will also need to have Lighttpd installed and running. Of course, if you are adding certificates onto a previously configured web host this would already be installed:

yum -y install lighttpd
systemctl start lighttpd.service

Obtaining a certificate with Certbot:

certbot certonly --webroot -w /var/www/wpcademy.com -d wpcademy.com -d www.wpcademy.com

Combine both certificate and private key in one file.

Lighty likes its certificates formatted in a specific way, so we’re going to combine the private key and certificate into one file that we’ll tell lighty about later:

cat /etc/letsencrypt/live/wpcademy.com/privkey.pem /etc/letsencrypt/live/wpcademy.com/cert.pem > /etc/letsencrypt/live/wpcademy.com/web.pem

Step 3. Configure Lighttpd For Your New Cert.

Configure lighty to use the new certificate and chain:

nano /etc/lighttpd/lighttpd.conf

Add the following:

$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    # Combined private key + certificate file created in Step 2
    ssl.pemfile = "/etc/letsencrypt/live/wpcademy.com/web.pem"
    # Intermediate chain issued by Let's Encrypt
    ssl.ca-file = "/etc/letsencrypt/live/wpcademy.com/chain.pem"
    server.name = "wpcademy.com"
    server.document-root = "/var/www/wpcademy.com"
    server.errorlog = "/var/log/lighttpd/wpcademy.com_error.log"
    accesslog.filename = "/var/log/lighttpd/wpcademy.com_access.log"
}

Step 4. Force HTTPS requests for Lighttpd.

We can also configure HTTP to HTTPS redirection on the Lighttpd server so that traffic arriving at the non-HTTPS site is redirected to the HTTPS site:

$HTTP["scheme"] == "http" {
    $HTTP["host"] == "wpcademy.com" {
        url.redirect = ("/.*" => "https://wpcademy.com$0")
    }
}

Save and close the file when you are finished.

Step 5. Set Up Let’s Encrypt SSL Auto Renewal.

Let’s Encrypt certificates come with a validity of 90 days; it is highly advisable to configure a cron (Linux scheduler) job to renew your certificates before they expire. First, test the renewal process with a dry run:

certbot renew --dry-run

If that appears to be working properly, configure a cron job for the below command:

certbot renew
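
Renewal replaces cert.pem and privkey.pem, but the combined file that ssl.pemfile points to in Step 3 is a static copy, so Lighttpd keeps serving the old certificate until that file is rebuilt and the server restarted. The deploy hook below is an added example, not part of the original tutorial; the hook file name lighttpd-pem.sh and the function name build_combined_pem are assumptions, and it relies on certbot running executables in /etc/letsencrypt/renewal-hooks/deploy/ with RENEWED_LINEAGE set after a successful renewal.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the Lighttpd setup in this tutorial.
# Assumed install path: /etc/letsencrypt/renewal-hooks/deploy/lighttpd-pem.sh
# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/wpcademy.com)
# to deploy hooks, which run only after a certificate was actually renewed.

# Rebuild the key+certificate bundle that ssl.pemfile points to.
# $1 = lineage directory, $2 = bundle file name (default: web.pem)
build_combined_pem() {
    lineage=$1
    out=$lineage/${2:-web.pem}
    # Refuse to build a bundle from missing or empty inputs
    [ -s "$lineage/privkey.pem" ] && [ -s "$lineage/cert.pem" ] || return 1
    # Temp file lives in the same directory so the final mv is an atomic
    # rename; umask 077 keeps the private key unreadable to other users.
    tmp=$(umask 077 && mktemp "$lineage/.web.pem.XXXXXX") || return 1
    if cat "$lineage/privkey.pem" "$lineage/cert.pem" > "$tmp"; then
        chmod 600 "$tmp" && mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Act only when certbot invoked us for a renewed certificate
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_combined_pem "$RENEWED_LINEAGE" web.pem || exit 1
    # Check the configuration first so a bad config cannot take the site down
    lighttpd -t -f /etc/lighttpd/lighttpd.conf &&
        systemctl restart lighttpd.service
fi
```

Make the script executable (chmod 755) so certbot will run it; Lighttpd is restarted only when a renewal actually happened.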

Congratulations! You have successfully installed Let’s Encrypt. Thanks for using this tutorial for installing Let’s Encrypt SSL with Lighttpd on a CentOS 7 system. For additional help or useful information, we recommend you check the official Let’s Encrypt web site.
