Setting up OpenSSL with Lighttpd

Introduction

Serving your website over HTTPS protects the traffic between visitors and the server. In this guide, we'll see how to create a self-signed SSL certificate with OpenSSL and install it in Lighttpd.

Installation

We only need OpenSSL:

apt-get install openssl

Configuration

Generating SSL keys

Let's create an ssl directory in the Lighttpd configuration folder, then generate the certificates:

mkdir /etc/lighttpd/ssl
openssl req -new -x509 -keyout /etc/lighttpd/ssl/selfcert.pem -out /etc/lighttpd/ssl/selfcert.pem -days 3650 -nodes
  • selfcert.pem: use whatever file name you like (e.g., deimos.fr.pem)
  • 3650: number of days the certificate is valid (10 years, we're safe for a good while)

Lighttpd

Let's enable the SSL module for Lighttpd:

lighty-enable-mod ssl

Then let's modify the SSL configuration file so it takes our new certificate into account (/etc/lighttpd/conf-available/10-ssl.conf):

$SERVER["socket"] == "0.0.0.0:443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/etc/lighttpd/ssl/deimos.fr.pem"
}

And that's it! All you need to do now is restart Lighttpd, and port 443 will be open with your certificate activated :-)
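
Before restarting, it is worth confirming that the file ssl.pemfile points at really holds a matching key and certificate and is not readable by other users, since -nodes stores the private key unencrypted. The script below is an added example, not part of the original guide. Its function names, the -subj/-newkey/-sha256 options, the common name www.example.test and the temporary paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: generate and verify a combined key+certificate PEM of the
# kind ssl.pemfile points at. The CN and temp paths are constructed values.

# make_pem FILE CN DAYS: non-interactive form of the guide's "openssl req".
make_pem() {
    pem=$1 cn=$2 days=$3
    # -nodes leaves the private key unencrypted, so create the file owner-only.
    ( umask 077
      openssl req -new -x509 -nodes -newkey rsa:2048 -sha256 \
          -subj "/CN=$cn" -days "$days" \
          -keyout "$pem" -out "$pem" 2>/dev/null )
}

# check_pem FILE: print "ok" only if FILE is usable and safely stored.
check_pem() {
    pem=$1
    # 1. Key and certificate must both be present in the one file.
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "no private key"; return 1; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "no certificate"; return 1; }
    # 2. The certificate must match the key: compare the two public keys.
    k=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    c=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    { [ -n "$k" ] && [ "$k" = "$c" ]; } ||
        { echo "key/cert mismatch"; return 1; }
    # 3. -checkend 0 exits non-zero once the certificate has expired.
    openssl x509 -in "$pem" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "expired"; return 1; }
    # 4. Group and others must have no access to the unencrypted key.
    [ "$(ls -l "$pem" | cut -c5-10)" = "------" ] ||
        { echo "too permissive"; return 1; }
    echo ok
}

# Demo in a throwaway directory; on the server, FILE would be the path
# given to ssl.pemfile.
tmp=$(mktemp -d) && make_pem "$tmp/demo.pem" "www.example.test" 3650 &&
    check_pem "$tmp/demo.pem"
rm -rf "$tmp"
```

On the server, run check_pem against the path used in 10-ssl.conf; any output other than "ok" names the first check that failed.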