Lighttpd是一个被遗忘的web服务器。本教程适用于ubuntu 16.04
安装Lighttpd
apt install lighttpd
安装letsencrypt
apt-get install letsencrypt
创建一个验证目录
mkdir -p /var/www/letsencrypt/.well-known/
添加Lighttpd目录配置
alias.url += ( "/.well-known/" => "/var/www/letsencrypt/.well-known/" )
创建配置文件
/opt/letsencrypt/letsencrypt-auto certonly --webroot --manual-public-ip-logging-ok -d example.com --agree-tos -m you@example.com --text -w /var/www/letsencrypt/
替换邮箱、域名,注意example.com无需加www
证书说明
privkey.pem: 私钥
cert.pem: 只有服务器证书
chain.pem: 根证书+中级证书
fullchain.pem: 根证书+中级证书+服务器证书
续期
/opt/letsencrypt/certbot-auto renew
添加一个每周任务/etc/cron.weekly/letsencrypt
输入以下代码
#!/bin/bash /opt/letsencrypt/certbot-auto renew
配置Lighttpd
Lighttpd需要合并privkey.pem cert.pem
cd /etc/letsencrypt/live/example.com/ cat privkey.pem cert.pem > ssl.pem
在Lighttpd配置中添加
ssl.pemfile = /etc/letsencrypt/live/example.com/ssl.pem ssl.ca-file = /etc/letsencrypt/live/example.com/chain.pem
技巧
测试语法是否正确
lighttpd -t -f /etc/lighttpd/lighttpd.conf
后记
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;