
Thread: LetsEncrypt for https://killtube.org

  1. #2
    IzNoGoD (Assadministrator)
    My own script for letsencrypt on forum.jumpersheaven.com:

    Code:
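    #!/bin/bash
    # Fetch a fresh copy of the letsencrypt client
    rm -rf letsencrypt
    git clone https://github.com/letsencrypt/letsencrypt
    # Empty webroot that lighttpd serves for /.well-known/ on port 80
    rm -rf /tmp/letsencrypt
    mkdir -p /tmp/letsencrypt
    ./letsencrypt/letsencrypt-auto certonly --renew --webroot --webroot-path=/tmp/letsencrypt -d forum.jumpersheaven.com --email=INSERT@EMAIL.HERE
    # lighttpd's ssl.pemfile wants the private key and the certificate in one file
    # (-f so the first run does not fail when combined.pem does not exist yet)
    rm -f /etc/letsencrypt/live/forum.jumpersheaven.com/combined.pem
    cat /etc/letsencrypt/live/forum.jumpersheaven.com/privkey.pem /etc/letsencrypt/live/forum.jumpersheaven.com/cert.pem > /etc/letsencrypt/live/forum.jumpersheaven.com/combined.pem
    # Give the www-data group access to the directories and the combined file
    chown :www-data /etc/letsencrypt
    chown :www-data /etc/letsencrypt/live
    chown :www-data /etc/letsencrypt/archive
    chown :www-data /etc/letsencrypt/live/forum.jumpersheaven.com/combined.pem
    # The file holds the private key: the group needs read, not execute, and others need nothing
    chmod 640 /etc/letsencrypt/live/forum.jumpersheaven.com/combined.pem
    # Directories need g+x so the group can traverse them
    chmod g+x /etc/letsencrypt/live
    chmod g+x /etc/letsencrypt/archive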
    With this as lighttpd.conf contents:
    Code:
    $HTTP["host"] =~ "forum.jumpersheaven.com"{
    	$SERVER["socket"] == ":443"{
    			ssl.engine              = "enable"
    			ssl.ca-file             = "/etc/letsencrypt/live/forum.jumpersheaven.com/chain.pem"
    			ssl.pemfile             = "/etc/letsencrypt/live/forum.jumpersheaven.com/combined.pem"
    			ssl.honor-cipher-order  = "enable"
    			ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
    			ssl.dh-file = "/etc/ssl/certs/dhparam.pem" 
    			ssl.ec-curve = "secp384r1"
    			ssl.use-compression     = "disable"
    			setenv.add-response-header = (
    					"X-Frame-Options" => "DENY",
    					"X-Content-Type-Options" => "nosniff"
    			)
    			ssl.use-sslv2           = "disable"
    			ssl.use-sslv3           = "disable"
    	}
    	else $SERVER["socket"] == ":80"{
    		$HTTP["url"] =~ "^/\.well-known/"{
    			server.dir-listing = "disable"
    			server.document-root = "/tmp/letsencrypt"
    		}
    		else $HTTP["url"] =~ ""{
    			url.redirect = ("^/(.*)"=> "https://forum.jumpersheaven.com/$1")
    		}
    	}
    }
    I can just cronjob the first one and it'll auto-renew my certificates.
    "Does not work" is an error report for a bug between keyboard and chair.

    All hail Artie Effem

  2. The Following User Says Thank You to IzNoGoD For This Useful Post:

    kung foo man (15th March 2016)
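
The script in the post deletes combined.pem and rebuilds it with cat, so an unattended cron run that fails partway can leave lighttpd's ssl.pemfile missing or incomplete. The following is an added example, not IzNoGoD's code: it builds the file in a temporary file, checks it, and renames it into place only if the check passes. The function names and the PEM_GROUP variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the post). PEM_GROUP is a hypothetical variable.

# check_combined_pem FILE: succeed only if FILE holds exactly one private key,
# at least one complete certificate, and is not readable by "other".
check_combined_pem() {
    f=$1
    [ -s "$f" ] || { echo "empty or missing: $f" >&2; return 1; }
    kb=$(grep -c -- '^-----BEGIN .*PRIVATE KEY-----$' "$f" || true)
    ke=$(grep -c -- '^-----END .*PRIVATE KEY-----$' "$f" || true)
    cb=$(grep -c -- '^-----BEGIN CERTIFICATE-----$' "$f" || true)
    ce=$(grep -c -- '^-----END CERTIFICATE-----$' "$f" || true)
    [ "$kb" -eq 1 ] && [ "$ke" -eq 1 ] || { echo "need exactly one private key" >&2; return 2; }
    [ "$cb" -ge 1 ] && [ "$cb" -eq "$ce" ] || { echo "certificate missing or truncated" >&2; return 3; }
    [ -z "$(find "$f" -perm -004)" ] || { echo "world-readable: $f" >&2; return 4; }
}

# build_combined KEY CERT OUT: assemble key+cert in a 0600 temp file beside OUT,
# validate it, then rename over OUT, so OUT is never missing or half-written.
build_combined() {
    key=$1; cert=$2; out=$3
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$key" "$cert" > "$tmp" &&
       { [ -z "${PEM_GROUP:-}" ] || chgrp "$PEM_GROUP" "$tmp"; } &&
       chmod 640 "$tmp" && check_combined_pem "$tmp"
    then
        mv -f "$tmp" "$out"
    else
        rc=$?; rm -f "$tmp"; return "$rc"
    fi
}

# Demo on constructed placeholder PEM text (not real key material).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$d/privkey.pem"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$d/cert.pem"
    build_combined "$d/privkey.pem" "$d/cert.pem" "$d/combined.pem" &&
        echo "combined.pem built and validated"
    rc=$?; rm -rf "$d"; return "$rc"
}
demo
```

With the post's paths this would be called as build_combined on privkey.pem, cert.pem and combined.pem under /etc/letsencrypt/live/forum.jumpersheaven.com, with PEM_GROUP=www-data. The check is structural only and does not verify that the key matches the certificate.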
