This article provides quick instructions on how to generate a CSR code and install an SSL certificate on lighttpd. Split into four sections, this guide starts with CSR generation and SSL installation steps and finishes off with a brief history of lighttpd, as well as some tips on where to buy an affordable certificate for your project.

If you’ve already generated the CSR (Certificate Signing Request) and received the necessary installation files from your Certificate Authority, skip the first section and go straight to the installation instructions. Use the links below to navigate between sections.

Generate a CSR Code on lighttpd.
Install an SSL certificate on lighttpd
lighttpd history and versions
Where to buy the best SSL certificate for lighttpd?

Generate a CSR code on lighttpd

Recommended: Use our CSR Generator tool to create your CSR code. It’s quick and doesn’t require any technical knowledge. All you have to do is just fill in the form details, and click Generate CSR.

Alternatively, you can generate the CSR with OpenSSL commands directly on your server. You’ll need to login to your server via your terminal client (ssh). Follow the steps below:

  1. At the prompt, type:
    openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
    where yourdomain is the name of the domain you want to secure
  1. You’ll be prompted to enter your contact details. Please use the examples below:
  • Country Name (2 letter code): enter the official two-letter code of your country. For instance, US
  • State or Province Name: enter the full name of the state where your company is registered. For example, Tennessee
  •  Locality Name: enter the full name of the city where your company is located. For instance, Nashville
  • Organization Name: enter the full legal name of your organization. For example, Your Company LLC
  • Organizational Unit Name: enter the department in charge of your SSL Certificate. For example, IT
  • Common Name: provide the FQDN (fully-qualified domain name) you want to secure. For example,
    The OpenSSL utility will generate your CSR and private key files. The private key file is necessary for the decryption of your SSL certificate. You can run the ls command to locate them in your working directory
  1. Open the CSR file with any text editor of your choice such as Notepad, and copy its contents including the —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– tags into the corresponding box during the SSL order process.
  2. Wait for the CA to validate your request. After you receive the SSL certificate, you can install it.

Install an SSL certificate on lighttpd

After your CA sends the necessary files to your inbox, download the ZIP folder and extract its contents on your device. You’ll need the following files to complete the installation:

  • The server certificate issued for your domain
  • The intermediate certificate provided by the CA
  • Your private key

lighttpd supports (and recommends) putting the primary certificate and intermediate certificate chain in ssl.pemfile, and recommends putting the private key in ssl.privkey, as this is the format supplied by many current popular CAs.

1. Use the following command to open your lighttpd.conf file:
vi /etc/lighttpd/lighttpd.conf

2. Edit the lighttpd configuration file. Add the following:
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/www.yourdomain.pem"

Note: The path to the PEM file certificate chain must contain both certificate chain and private key unless ssl.privkey is set. Since version 1.4.53 the path to the PEM file private key is required if private key is not in the ssl.pemfile.

3. Save and close the config file.

4. Restart the lighttpd with the following command: /etc/init.d/lighttpd restart

For more information, troubleshooting, and advanced configuration read the lighttpd documentation for setting up SSL.

After you install the SSL Certificate, it’s recommended to scan your new certificate for potential errors or vulnerabilities, just to be on the safe side of things.

lighttpd history and versions

lighttpd (pronounced “lighty”) is an open-source web server optimized for speed-critical environments, originally written by Jan Kneschke as a proof-of-concept of the c10k problem. Its name is a portmanteau of “light” and “httpd”. The initial release was in 2003.

lighttpd 1.4.56 (released Nov 2020), came with numerous improvements to lighttpd TLS support, including improving the use of OpenSSL APIs and adding support for multiple TLS libraries (OpenSSL, GnuTLS, Mbed TLS, NSS, and wolfSSL). The latest version of lighttpd is lighttpd 1.4.59, released 2 Feb 2021.)

Where to buy the best SSL certificate for lighttpd?

SSL dragon is your one-stop place for all your SSL needs. We offer the lowest prices on the market for the entire range of our SSL products. We’ve partnered with the best SSL brands in the industry to offer you high-end SSL security and dedicated support. All our SSL certificates are compatible with lighttpd. Here are the SSL certificate types you can buy from us:

To help you select the perfect SSL certificate, we created a couple of handy SSL tools. Our SSL Wizard can recommend the best SSL deal for your online project, while the Certificate Filter, can help you sort and compare various products.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected] Your input would be greatly appreciated! Thank you.