CentOSLinuxTutorials

How To Install Let’s Encrypt SSL With Lighttpd on CentOS 7

Install Let’s Encrypt SSL With Lighttpd on CentOS 7

In this tutorial, we will show you how to install Let’s Encrypt SSL With Lighttpd on CentOS 7. For those of you who didn’t know, LetsEncrypt is a free open certificate authority (CA) that provides free certificates for websites and other services. The service, which is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai. Unfortunately, LetsEncrypt.org certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges. I will show you the step-by-step installation Let’s Encrypt SSL with Lighttpd on a CentOS 7 server.

Prerequisites

  • A server running one of the following operating systems: CentOS 7.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install Let’s Encrypt SSL With Lighttpd on CentOS 7

Step 1. First, let’s start by ensuring your system is up-to-date.

yum clean all
yum -y update

Step 2. Installing Let’s Encrypt SSL using Certbot.

In CentOS 7, you can find Certbot on the EPEL repository; if you enable it, just install what you need:

yum install epel-release
yum install certbo

You will also need to have Lighttpd installed and running. Of course, if you are adding certificates onto a previously configured web host this would already be installed:

yum -y install lighttpd
systemctl start lighttpd.service

Obtaining a certificate with Certbot:

certbot certonly --webroot -w /var/www/idroot.us -d idroot.us -d www.idroot.us

Combine both certificate and private key in one file.

Lighty likes its certificates formatted in a specific way, so we’re going to combine the private keys and certificate into one file that we’ll tell lighty about later:

cat /etc/letsencrypt/live/idroot.us/privkey.pem /etc/letsencrypt/live/idroot.us/cert.pem > /etc/letsencrypt/live/idroot.us/combined.pem

Step 3. Configure Lighttpd For Your New Cert.

Configure lighty to use the new certificate and chain:

nano /etc/lighttpd/lighttpd.conf

Use the below information:

$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/idroot.us/web.pem"
ssl.ca-file = "/etc/letsencrypt/live/idroot.us/chain.pem"
server.name = "idroot.us" 
server.document-root = "/var/www/idroot.us"
server.errorlog = "/var/log/lighttpd/idroot.us_error.log"
accesslog.filename = "/var/log/lighttpd/idroot.us_access.log"

Step 4. Force HTTPS requests for Lighttpd.

We can also configure HTTP to HTTPS redirection on the Lighttpd server so that the traffic that comes to the non-HTTPS site redirect to the HTTPS site:

$HTTP["scheme"] == "http" {
$HTTP["host"] == "idroot.us" {
url.redirect = ("/.*" => "https://idroot.us$0")
}
}

Save and close the file when you are finished.

Step 5. Set Up Let’s Encrypt SSL Auto-Renewal.

Let’s Encrypt certificates comes with a validity of 90 days; it is highly advisable to configure the cron (Linux Scheduler) job to renew your certificates before they expire:

certbot renew --dry-run

If that appears to be working properly, configure a cron job for the below command:

certbot renew

Congratulations! You have successfully installed Let’s Encrypt. Thanks for using this tutorial for installing Let’s Encrypt SSL With Lighttpd on CentOS 7 system. For additional help or useful information, we recommend you check the official Let’s Encrypt website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

Save

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.
Back to top button