Mon 09 Mar 2020
In one of my previous posts I explained how to set up a project with Sinatra + Lighttpd + SSL, which is actually one of my personal websites. For the sake of completeness I will walk you through how to ensure that setup retains proper certificates for free! The following solution is currently live on my site :)
Since we are using a non-supported server we have the privilege (and pleasure) of manually updating our server to comply with the new requirements. Log into your server as root, then:
wget https://dl.eff.org/certbot-auto
sudo mv certbot-auto /usr/local/bin/certbot-auto
sudo chown root /usr/local/bin/certbot-auto
sudo chmod 0755 /usr/local/bin/certbot-auto
Those few lines are taken directly from Let's Encrypt's website and give us the latest certbot client. Then we kill the server, create a new certificate and set up a cron job to renew it automatically.
fuser -v 80/tcp | cut -f 3 | xargs kill -9
sudo /usr/local/bin/certbot-auto certonly --standalone
After entering your domain name, the cert should be created. Lighttpd expects the private key and the certificate in a single file, so let's do that:
cd /etc/letsencrypt/live/mydomain
cat privkey.pem cert.pem > ssl.pem
Lastly, to never worry again, let's set up a cron task that will automatically renew our certificates:
0 8 1 * * fuser -v 80/tcp | cut -f 3 | xargs kill -9 && /usr/local/bin/certbot-auto renew && cd /etc/letsencrypt/live/packmule.ca/ && cat privkey.pem cert.pem > ssl.pem && date >> ~/.cron.log && service lighttpd restart
The above cron reads as follows:
1. 8am every 1st of the month
2. we kill the server
3. run certbot-auto renew
4. navigate to the certificate folder (in my case for packmule.ca, YOU HAVE TO CHANGE THIS TO YOUR DOMAIN)
5. prep the cert into a single file for Lighttpd
6. log the date into a file for debugging purposes
7. restart our server
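Because the cron line chains every step with `&&`, a failed renewal leaves the server stopped, and `>` truncates ssl.pem before the new content is written. The script below is an added example, not part of the original post, that always restarts the server and replaces ssl.pem atomically with owner-only permissions. The function names, the `service lighttpd stop`/`start` calls and the `mydomain` default path are assumptions.

```shell
#!/bin/sh
# Added example, not the original post's script. The three wrappers below are
# hypothetical names; adjust the commands to your init system.
stop_server()  { service lighttpd stop; }
start_server() { service lighttpd start; }
renew_certs()  { /usr/local/bin/certbot-auto renew; }

# Build ssl.pem from privkey.pem + cert.pem without ever exposing a partial file.
# The body runs in a subshell, so umask and exit stay local to this function.
build_pem() (
    dir=$1
    umask 077                               # the combined file holds the private key
    for f in privkey.pem cert.pem; do
        # refuse to continue on a missing, empty or non-PEM input
        grep -q -- '-----BEGIN' "$dir/$f" 2>/dev/null || {
            echo "build_pem: $dir/$f missing or not PEM" >&2; exit 1; }
    done
    tmp=$(mktemp "$dir/ssl.pem.XXXXXX") || exit 1
    cat "$dir/privkey.pem" "$dir/cert.pem" > "$tmp" || { rm -f "$tmp"; exit 1; }
    mv -f "$tmp" "$dir/ssl.pem"             # rename within one directory is atomic
)

# Stop, renew, rebuild, then start again even when a middle step fails.
renew_cycle() {
    dir=$1
    rc=0
    stop_server || true                     # "already stopped" is not an error
    if renew_certs; then
        build_pem "$dir" || rc=1
    else
        rc=1
    fi
    start_server || rc=1                    # always attempted; on failure the old ssl.pem is untouched
    return "$rc"
}

# Run only when asked, so the functions can also be sourced and tested.
if [ "${1:-}" = "--run" ]; then
    renew_cycle "${2:-/etc/letsencrypt/live/mydomain}"
fi
```

Saved under a path of your choosing, the cron entry then only needs to call the script with `--run` and your own live directory, and log its exit status.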
And voila, it's done. Enjoy!