In this tutorial, we will show you how to install Let’s Encrypt SSL with Lighttpd on CentOS 7. For those of you who didn’t know, Let’s Encrypt is a free, open certificate authority (CA) that provides free certificates for websites and other services. The service is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai. Unfortunately, LetsEncrypt.org certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.
This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account; if not, you may need to add ‘sudo’ to the commands to get root privileges. I will show you the step-by-step installation of Let’s Encrypt SSL with Lighttpd on a CentOS 7 server.
Prerequisites
- A server running one of the following operating systems: CentOS 7.
- It’s recommended that you use a fresh OS install to prevent any potential issues.
- SSH access to the server (or just open Terminal if you’re on a desktop).
- A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.
Install Let’s Encrypt SSL With Lighttpd on CentOS 7
Step 1. First, let’s start by ensuring your system is up-to-date.
yum clean all
yum -y update
Step 2. Installing Let’s Encrypt SSL using Certbot.
In CentOS 7, you can find Certbot on the EPEL repository; if you enable it, just install what you need:
yum install epel-release
yum install certbot
You will also need to have Lighttpd installed and running. Of course, if you are adding certificates onto a previously configured web host this would already be installed:
yum -y install lighttpd
systemctl start lighttpd.service
Obtaining a certificate with Certbot:
certbot certonly --webroot -w /var/www/idroot.us -d idroot.us -d www.idroot.us
Combine both certificate and private key in one file.
Lighty likes its certificates formatted in a specific way, so we’re going to combine the private keys and certificate into one file that we’ll tell lighty about later:
cat /etc/letsencrypt/live/idroot.us/privkey.pem /etc/letsencrypt/live/idroot.us/cert.pem > /etc/letsencrypt/live/idroot.us/combined.pem
Step 3. Configure Lighttpd For Your New Cert.
Configure lighty to use the new certificate and chain:
nano /etc/lighttpd/lighttpd.conf
Use the below information:
$SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    # combined.pem is the private key + certificate file created in Step 2
    ssl.pemfile = "/etc/letsencrypt/live/idroot.us/combined.pem"
    ssl.ca-file = "/etc/letsencrypt/live/idroot.us/chain.pem"
    server.name = "idroot.us"
    server.document-root = "/var/www/idroot.us"
    server.errorlog = "/var/log/lighttpd/idroot.us_error.log"
    accesslog.filename = "/var/log/lighttpd/idroot.us_access.log"
}
Step 4. Force HTTPS requests for Lighttpd.
We can also configure HTTP to HTTPS redirection on the Lighttpd server so that the traffic that comes to the non-HTTPS site redirect to the HTTPS site:
$HTTP["scheme"] == "http" {
    $HTTP["host"] == "idroot.us" {
        url.redirect = ("/.*" => "https://idroot.us$0")
    }
}
Save and close the file when you are finished.
Step 5. Set Up Let’s Encrypt SSL Auto-Renewal.
Let’s Encrypt certificates come with a validity of 90 days; it is highly advisable to configure a cron (Linux scheduler) job to renew your certificates before they expire:
certbot renew --dry-run
If that appears to be working properly, configure a cron job for the below command:
certbot renew
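Because Lighttpd reads combined.pem rather than the files Certbot renews, a renewal on its own leaves the web server on the old certificate. The script below is an added example, not part of the original tutorial: a Certbot deploy hook that rebuilds combined.pem and restarts Lighttpd. It relies on the RENEWED_LINEAGE variable that Certbot exports to deploy hooks; the function name build_combined is hypothetical.

```shell
#!/bin/sh
# Added example: certbot deploy hook for the Lighttpd setup in this tutorial.
# certbot exports RENEWED_LINEAGE (for example /etc/letsencrypt/live/idroot.us)
# when it runs deploy hooks after a successful renewal.

# Rebuild combined.pem (private key + certificate) inside a lineage directory.
build_combined() {
    live_dir=$1
    [ -r "$live_dir/privkey.pem" ] && [ -r "$live_dir/cert.pem" ] || {
        echo "missing privkey.pem or cert.pem in $live_dir" >&2
        return 1
    }
    old_umask=$(umask)
    umask 077    # the combined file contains the private key
    tmp=$(mktemp "$live_dir/combined.pem.XXXXXX") || { umask "$old_umask"; return 1; }
    if cat "$live_dir/privkey.pem" "$live_dir/cert.pem" > "$tmp"; then
        # Rename within the same directory so Lighttpd never sees a partial file.
        mv -f "$tmp" "$live_dir/combined.pem"
        rc=$?
    else
        rm -f "$tmp"
        rc=1
    fi
    umask "$old_umask"
    return $rc
}

# Only act when invoked by certbot as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_combined "$RENEWED_LINEAGE" && systemctl restart lighttpd.service
fi
```

Save it as an executable file in /etc/letsencrypt/renewal-hooks/deploy/ or pass its path to certbot renew with --deploy-hook, so the cron job needs no extra steps.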
Congratulations! You have successfully installed Let’s Encrypt. Thanks for using this tutorial for installing Let’s Encrypt SSL with Lighttpd on a CentOS 7 system. For additional help or useful information, we recommend you check the official Let’s Encrypt website.