Lighttpd是一个被遗忘的web服务器。本教程适用于ubuntu 16.04

安装Lighttpd

apt install lighttpd

安装letsencrypt

apt-get install letsencrypt

创建一个验证目录

mkdir -p /var/www/letsencrypt/.well-known/

添加Lighttpd目录配置

alias.url += ( "/.well-known/" => "/var/www/letsencrypt/.well-known/" )

创建配置文件

/opt/letsencrypt/letsencrypt-auto certonly --webroot --manual-public-ip-logging-ok -d example.com --agree-tos -m you@example.com --text  -w /var/www/letsencrypt/

替换邮箱、域名，注意example.com无需加www

证书说明

• privkey.pem: 私钥

• cert.pem: 只有服务器证书

• chain.pem: 根证书+中级证书

• fullchain.pem: 根证书+中级证书+服务器证书

续期

/opt/letsencrypt/certbot-auto renew

添加一个每周任务/etc/cron.weekly/letsencrypt输入以下代码

#!/bin/bash
/opt/letsencrypt/certbot-auto renew

配置Lighttpd

Lighttpd需要合并privkey.pem cert.pem

cd /etc/letsencrypt/live/example.com/
cat privkey.pem cert.pem > ssl.pem

在Lighttpd配置中添加

ssl.pemfile = /etc/letsencrypt/live/example.com/ssl.pem
ssl.ca-file = /etc/letsencrypt/live/example.com/chain.pem

更多参考

技巧

测试语法是否正确

lighttpd -t -f /etc/lighttpd/lighttpd.conf

后记

Nginx中只需添加

ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;