Lighttpd + SSL (Let's Encrypt) in 2020

Mon 09 Mar 2020

About a month ago I received an email from the Let's Encrypt association informing me that soon my SSL certificates would be failing to renew starting June 1, 2020.

In one of my previous posts I explained how to set up a project with Sinatra + Lighttpd + SSL, which is actually one of my personal websites. For the sake of completeness I will walk you through how to ensure that setup retains proper certificates for free! The following solution is currently live on my site :)

Since we are using a non-supported server we have the privilege (and pleasure) of manually updating our server to comply with the new requirements. Log into your server as root, then:

wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto

Those few lines are taken directly from Let's Encrypt's website and give us the latest certbot client. Then we kill the server (the standalone mode needs port 80 free), create a new certificate and set up a cron job to automatically renew it.

fuser -v 80/tcp | cut -f 3 | xargs kill -9
sudo /usr/local/bin/certbot-auto certonly --standalone

After entering your domain name the cert should be created. Lighttpd expects the private key and the certificate in a single file, so let's do that:

cd /etc/letsencrypt/live/mydomain
cat privkey.pem cert.pem > ssl.pem

Lastly, to never worry again, let's set up a cron task that will automatically renew our certificates:

  0 8 1 * * fuser -v 80/tcp | cut -f 3 | xargs kill -9 && /usr/local/bin/certbot-auto renew && cd /etc/letsencrypt/live/packmule.ca/ && cat privkey.pem cert.pem > ssl.pem && date >> ~/.cron.log && service lighttpd restart

The above cron reads as follows:
1. 8am every 1st of the month
2. we kill the server
3. run certbot-auto renew
4. navigate to the certificate folder (in my case for packmule.ca, YOU HAVE TO CHANGE THIS TO YOUR DOMAIN)
5. prep the cert into a single file for Lighttpd
6. log the date into a file for debugging purposes
7. restart our server
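
An added example, not code from the original post: the same steps as a script that brings Lighttpd back up even when renewal fails (in the one-liner the `&&` chain stops at the first failed step, so the server stays down) and writes ssl.pem atomically with owner-only permissions. It swaps the `kill -9` for `service lighttpd stop`; the variable and function names are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's code. Names and defaults are assumptions.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/mydomain}"   # change to your domain
RENEW_CMD="${RENEW_CMD:-/usr/local/bin/certbot-auto renew}"
STOP_CMD="${STOP_CMD:-service lighttpd stop}"            # frees port 80
START_CMD="${START_CMD:-service lighttpd start}"
LOG="${LOG:-$HOME/.cron.log}"

# Step 5: join private key and certificate into ssl.pem for Lighttpd.
build_ssl_pem() {
    dir="$1"
    # Refuse to build from missing or empty inputs; the old ssl.pem stays.
    [ -s "$dir/privkey.pem" ] && [ -s "$dir/cert.pem" ] || return 1
    # mktemp creates the file with mode 0600, so the key is never world-readable.
    tmp="$(mktemp "$dir/ssl.pem.XXXXXX")" || return 1
    if cat "$dir/privkey.pem" "$dir/cert.pem" > "$tmp"; then
        mv -f "$tmp" "$dir/ssl.pem"   # rename is atomic: no half-written file
    else
        rm -f "$tmp"
        return 1
    fi
}

# Steps 2-7. Returns 0 on success, 1 if renewal failed, 2 if ssl.pem could
# not be built, 3 if Lighttpd did not start again.
renew_certs() {
    rc=0
    $STOP_CMD || true                 # fine if the server was not running
    if $RENEW_CMD; then
        build_ssl_pem "$LIVE_DIR" || rc=2
    else
        rc=1
    fi
    $START_CMD || rc=3                # always bring the server back up
    echo "$(date) renew rc=$rc" >> "$LOG"
    return "$rc"
}
```

Save it as a script that ends with a call to `renew_certs` and point the `0 8 1 * *` cron entry at that script.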

And voila, it's done. Enjoy!


Questions? Feel free to contact me anytime :)
