Contact us at |support@ssldragon.com

How to install an SSL certificate on Lighttpd Server?

Friday, December 11th, 2020

This article provides quick instructions on how to generate a CSR code and install an SSL certificate on Lighttpd. Split into four sections, this guide starts with CSR generation and SSL installation steps and finishes off with a brief history of Lighttpd, as well as some tips on where to buy an affordable certificate for your project.

If you’ve already generated the CSR (Certificate Signing Request) and received the necessary installation files from your Certificate Authority, skip the first section and go straight to the installation instructions. Use the links below to navigate between sections.

Generate a CSR Code on Lighttpd.
Install an SSL certificate on Lighttpd
Lighttpd history and versions
Where to buy the best SSL certificate for Lighttpd?

Generate a CSR code on Lighttpd

Recommended: Use our CSR Generator tool to create your CSR code. It’s quick and doesn’t require any technical knowledge. All you have to do is just fill in the form details, and click Generate CSR.

Alternatively, you can generate the CSR with OpenSSL commands directly on your server. You’ll need to login to your server via your terminal client (ssh). Follow the steps below:

  1. At the prompt, type:
    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
    where yourdomain is the name of the domain you want to secure
  1. You’ll be prompted to enter your contact details. Please use the examples below:
  • Country Name (2 letter code): enter the official two-letter code of your country. For instance, US
  • State or Province Name: enter the full name of the state where your company is registered. For example, Tennessee
  •  Locality Name: enter the full name of the city where your company is located. For instance, Nashville
  • Organization Name: enter the full legal name of your organization. For example, Your Company LLC
  • Organizational Unit Name: enter the department in charge of your SSL Certificate. For example, IT
  • Common Name: provide the FQDN (fully-qualified domain name) you want to secure. For example, yourdomain.com
    The OpenSSL utility will generate your CSR and private key files. The private key file is necessary for the decryption of your SSL certificate. You can run the ls command to locate them in your working directory
  1. Open the CSR file with any text editor of your choice such as Notepad, and copy its contents including the —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– tags into the corresponding box during the SSL order process.
  2. Wait for the CA to validate your request. After you receive the SSL certificate, you can install it.

Install an SSL certificate on Lighttpd

After your CA sends the necessary files to your inbox, download the ZIP folder and extract its contents on your device. You’ll need the following files to complete the installation:

  •  The server certificate issued for your domain
  •  The intermediate certificate provided by the CA
  1. Copy and paste the contents of the intermediate certificate into a text editor such as Notepad. Save the file as intermediate.crt
  2. Locate your server certificate file and the private key files. Enter the commands below to copy them to your website directory.
    cp yourdomain.crt /etc/lighttpd/ssl/yourdomain.com
    cp yourdomain.key /etc/lighttpd/ssl/yourdomain.com
  1. You need to concatenate (combine) the key file and the certificate file into a single PEM file by running the following command:
    cat your_domain_name.key your_domain_name.crt > your_domain_name.pem
  1. Now, use the following command to open your lighttpd.conf file:
    vi /etc/lighttpd/lighttpd.conf
  1. Edit the Lighttpd configuration file. Add the following:
    $SERVER["socket"] == "yourdomain.com:443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/lighttpd/yourdomain.com/yourdomain.pem"
    ssl.ca-file = "/etc/lighttpd/yourdomain.com/intermediate.crt"
    server.name = "yourdomain.com"
    server.document-root = "/home/lighttpd/yourdomain.com/https"
    server.errorlog = "/var/log/lighttpd/yourdomain.com/serror.log"
    accesslog.filename = "/var/log/lighttpd/yourdomain.com/saccess.log"
    }
    where
    ssl.engine = “enable” : Enable lighttpd SSL support
    ssl.pemfile = “/etc/lighttpd/yourdomain.com/yourdomain.pem”
    ssl.ca-file = “/etc/lighttpd/yourdomain.com/intermediate.crt”
  1. Save and close the config file.
  2. Restart the Lighttpd with the following command: /etc/init.d/lighttpd restart

That’s it. You’ve successfully installed your SSL cert on Lighttpd. For more information and troubleshooting, read the Lighttpd documentation for setting up SSL.

After you install the SSL Certificate, it’s recommended to scan your new certificate for potential errors or vulnerabilities, just to be on the safe side of things. With these powerful SSL tools, you can get instant reports on your SSL Certificate and its configuration.

Lighttpd history and versions

Lighttpd (pronounced “lighty”) is an open-source web server optimized for speed-critical environments, originally written by Jan Kneschke as a proof-of-concept of the c10k problem. Its name is a portmanteau of “light” and “httpd”. The initial release was in 2003, with the last stable version dating back to January 2020.

Where to buy the best SSL certificate for Lighttpd?

SSL dragon is your one-stop place for all your SSL needs. We offer the lowest prices on the market for the entire range of our SSL products. We’ve partnered with the best SSL brands in the industry to offer you high-end SSL security and dedicated support. All our SSL certificates are compatible with Lighttpd. Here are the SSL certificate types you can buy from us:

To help you select the perfect SSL certificate, we created a couple of handy SSL tools. Our SSL Wizard can recommend the best SSL deal for your online project, while the Certificate Filter, can help you sort and compare various products.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected] Your input would be greatly appreciated! Thank you.