My own script for letsencrypt on forum.jumpersheaven.com:
Code:
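#!/bin/bash
# Renew the Let's Encrypt certificate for one host through the webroot
# challenge, then rebuild the key+cert bundle that lighttpd's ssl.pemfile
# points at. Writes under /etc/letsencrypt, so it has to run as root.
#
# NOTE(review): every run clones the client's default branch and executes it
# as root, so a cron job runs whatever is upstream at that moment. Pinning a
# reviewed tag/commit, or using a distribution package, narrows that
# supply-chain exposure.
# NOTE(review): the checkout path is relative; it lands in whatever directory
# the script is started from.
# NOTE(review): nothing here reloads the web server. A long-running lighttpd
# presumably keeps serving the certificate it loaded at startup until it is
# restarted - confirm and add a reload step if so.

# Stop at the first failure so a failed clone or renewal never reaches the
# bundle rebuild below.
set -euo pipefail

readonly domain='forum.jumpersheaven.com'
# Must stay in sync with server.document-root for /.well-known/ in lighttpd.conf.
readonly webroot='/tmp/letsencrypt'
readonly live_dir="/etc/letsencrypt/live/${domain}"
readonly bundle="${live_dir}/combined.pem"

rm -rf -- letsencrypt
git clone https://github.com/letsencrypt/letsencrypt

# The webroot is a fixed name under world-writable /tmp and its contents are
# served over HTTP. Plain mkdir (no -p) fails if the directory already exists,
# so the run aborts if another local user re-creates the path after the rm.
# A root-owned directory outside /tmp would avoid the problem altogether.
rm -rf -- "$webroot"
mkdir -m 0755 -- "$webroot"

./letsencrypt/letsencrypt-auto certonly --renew --webroot \
  --webroot-path="$webroot" -d "$domain" --email=INSERT@EMAIL.HERE

# combined.pem contains the private key. Build it in a 0600 temp file inside
# the same directory, set group and mode, and only then rename it into place:
# the key is never world-readable and the server never sees a missing or
# half-written bundle.
tmp_bundle=$(mktemp "${bundle}.XXXXXX")
trap 'rm -f -- "$tmp_bundle"' EXIT
cat -- "${live_dir}/privkey.pem" "${live_dir}/cert.pem" > "$tmp_bundle"
chown :www-data -- "$tmp_bundle"
# Owner read/write, group read, nothing for others. The original set g+x,
# which has no use on a PEM file.
chmod 0640 -- "$tmp_bundle"
mv -f -- "$tmp_bundle" "$bundle"

# Let the www-data group traverse the certificate directories.
# NOTE(review): this also opens live/ and archive/ to every process in the
# www-data group. Depending on the client version, the key files in archive/
# may rely on the directory mode alone for protection. If the server reads
# its certificates before dropping privileges, these grants may be
# unnecessary - confirm before keeping them.
chown :www-data /etc/letsencrypt /etc/letsencrypt/live /etc/letsencrypt/archive
chmod g+x /etc/letsencrypt/live /etc/letsencrypt/archive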
With this as lighttpd.conf contents:
Code:
# TLS virtual host for forum.jumpersheaven.com: HTTPS on :443, and on :80 the
# ACME challenge directory plus a redirect of everything else to HTTPS.
# NOTE(review): =~ is a regex match and this pattern is unanchored with
# unescaped dots, so it also matches other Host values that merely contain it.
$HTTP["host"] =~ "forum.jumpersheaven.com"{
$SERVER["socket"] == ":443"{
ssl.engine = "enable"
ssl.ca-file = "/etc/letsencrypt/live/forum.jumpersheaven.com/chain.pem"
# combined.pem is the private key + certificate bundle written by the renewal
# script; it is key material and should not be readable by "other".
ssl.pemfile = "/etc/letsencrypt/live/forum.jumpersheaven.com/combined.pem"
ssl.honor-cipher-order = "enable"
# NOTE(review): the list still names three 3DES suites (the *-DES-CBC3-SHA
# entries) and several non-forward-secret AES-CBC/GCM suites; "!DES" does not
# appear to exclude 3DES. Check the effective set with `openssl ciphers -v`
# against the OpenSSL build in use and trim it to what your clients need.
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
# The DH parameter file is not created by the renewal script; it has to exist
# already (its size is not shown on this page).
ssl.dh-file = "/etc/ssl/certs/dhparam.pem"
ssl.ec-curve = "secp384r1"
# TLS-level compression off.
ssl.use-compression = "disable"
# Response headers: forbid framing and MIME sniffing.
# NOTE(review): no Strict-Transport-Security header is set here, so browsers
# are not told to stay on HTTPS; consider adding one once HTTPS is stable.
setenv.add-response-header = (
"X-Frame-Options" => "DENY",
"X-Content-Type-Options" => "nosniff"
)
# SSLv2 and SSLv3 are switched off; nothing here restricts the TLS versions,
# so which of them remain enabled depends on the server/OpenSSL defaults.
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
else $SERVER["socket"] == ":80"{
$HTTP["url"] =~ "^/\.well-known/"{
# Serve challenge files from the webroot the renewal script hands to the
# client. NOTE(review): this document root is under world-writable /tmp, so
# its ownership matters - a root-owned directory elsewhere is safer. Keep the
# path identical to the script's --webroot-path.
server.dir-listing = "disable"
server.document-root = "/tmp/letsencrypt"
}
else $HTTP["url"] =~ ""{
# The empty regex matches every remaining URL: redirect it to HTTPS.
url.redirect = ("^/(.*)"=> "https://forum.jumpersheaven.com/$1")
}
}
}
I can just run the first one as a cron job and it'll auto-renew my certificates.