
Install a Let’s Encrypt SSL Certificate on a Pi-hole Server

بِسْمِ اللهِ الرَّحْمنِ الرَّحِيمِ-

Create an A record for the hostname in your domain

First create an A record for the Pi-hole’s hostname in your domain’s DNS panel; in my case I added the record on Cloudflare. The name must resolve to this box’s public address and port 80 must be reachable from the internet, because the webroot method used below answers Let’s Encrypt’s HTTP-01 challenge over plain HTTP.

I use Ubuntu 16.04 to run Pi-hole; here are the steps to install Let’s Encrypt on the box:

# apt-get install letsencrypt

After Let’s Encrypt is installed on the box, continue with the steps below. (These steps date from when the client was still packaged as letsencrypt and certbot-auto was the upstream installer; both have since been retired in favour of the distribution or snap certbot package, but the commands are the same with certbot in place of letsencrypt or certbot-auto.)


Certificates will be issued by Let’s Encrypt using Certbot.

  1. Open a root shell and make sure you are in root’s home directory (probably /root).
  2. Go to the Certbot page and tell it you are using none of the listed web servers (Pi-hole uses lighttpd), then select your OS. If you are using Raspbian, choose Debian (other): Raspbian does not have jessie-backports, which is what the Debian 8 instructions rely on. If you installed the letsencrypt package with apt as shown above, you already have the letsencrypt command and can skip the download in step 3; the cron line in step 12 assumes the downloaded certbot-auto in /root, so use whichever command you actually have.
  3. Run the wget and chmod commands the website gives you.
  4. Run letsencrypt certonly --webroot -w /var/www/html -d example.com --dry-run, replacing example.com with your domain. You can pass -d several times if you have several names (for example www.example.com and example.com). This takes a while the first time because it installs the pieces it needs. The webroot method answers the HTTP-01 challenge from /var/www/html, so lighttpd must be serving that directory on port 80 and the name must resolve to this box from the internet.
  5. Did everything look good? If it issued a certificate, great. If not, do not proceed until you fix whatever went wrong. Odds are it failed to validate: you are using a real domain name, one the Let’s Encrypt servers can resolve, right?
  6. Run the command again, this time without --dry-run, to get a real certificate.
  7. Edit /etc/lighttpd/conf-available/10-ssl.conf, setting ssl.pemfile = "/etc/letsencrypt/live/example.com/combined.pem" and ssl.ca-file = "/etc/letsencrypt/live/example.com/chain.pem". Again, replace example.com with your domain. If the stock file has no ssl.ca-file line, add one: with the lighttpd 1.4 release on Ubuntu 16.04 and Raspbian Jessie, that is how the intermediate certificate in chain.pem gets sent to clients, and without it browsers that do not already have the intermediate will report a broken chain.
  8. ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/10-ssl.conf
  9. cd /etc/letsencrypt/live/example.com/ and cat privkey.pem cert.pem > combined.pem, then chmod 600 combined.pem. The combined file contains the private key and is created with your default umask (usually world-readable); once the mode is 0600 it stays that way when the renewal hook below overwrites the file in place.
  10. systemctl restart lighttpd
  11. If I did not forget any [more] steps, it should be working. Now let’s automate renewals, since Let’s Encrypt certificates are only good for 90 days.
  12. Add the following to the end of /etc/crontab (it is one long line), replacing the first number with a random number between 0 and 59 and the second number with the hour you want the renewal to happen. The hook must be in single quotes: cron runs the line through /bin/sh, and inside double quotes $RENEWED_LINEAGE would be expanded to nothing before Certbot ever sees it, so the hook would try to write /combined.pem at the filesystem root instead of the renewed lineage’s file. Certbot sets RENEWED_LINEAGE itself for the hook process (newer releases call the option --deploy-hook).
47 5 * * * root /root/certbot-auto renew --quiet --no-self-upgrade --renew-hook 'cat "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/cert.pem" > "$RENEWED_LINEAGE/combined.pem"; systemctl reload-or-try-restart lighttpd'

Original Post from Reddit
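
The renewal hook from step 12, written out as a stand-alone script. This is an added example and not code from the original post or the Reddit thread. It assumes the lineage layout from the steps above (privkey.pem and cert.pem under /etc/letsencrypt/live/<name>/), that Certbot exports RENEWED_LINEAGE to the hook (it does for --renew-hook and --deploy-hook), and a hypothetical LIGHTTPD_RELOAD variable so the reload command can be swapped for something harmless when testing on a machine without systemd. The what_cron_sees function reproduces the quoting problem: with the hook in double quotes, cron’s /bin/sh expands $RENEWED_LINEAGE to nothing before Certbot runs.

```shell
#!/bin/sh
# Added example, not code from the original post or the Reddit thread: a Certbot
# renew/deploy hook for lighttpd that rebuilds combined.pem (private key + cert)
# for the lineage Certbot just renewed, keeps it root-only, checks that the key
# and certificate belong together, and then reloads lighttpd.
# Assumptions: Certbot exports RENEWED_LINEAGE to the hook (it does for
# --renew-hook / --deploy-hook); the lineage holds privkey.pem and cert.pem as in
# the steps above; LIGHTTPD_RELOAD is a hypothetical override so the reload
# command can be replaced when testing without systemd.

LIGHTTPD_RELOAD="${LIGHTTPD_RELOAD:-systemctl reload-or-try-restart lighttpd}"

# build_combined_pem DIR: write DIR/combined.pem = privkey.pem + cert.pem, mode 0600.
build_combined_pem() {
    dir="$1"
    if [ ! -r "$dir/privkey.pem" ] || [ ! -r "$dir/cert.pem" ]; then
        echo "build_combined_pem: privkey.pem or cert.pem missing in $dir" >&2
        return 1
    fi
    # umask 077: the file holds the private key and must never be created
    # world-readable. Write to a temp name and rename so lighttpd cannot read
    # a half-written file if it reloads at the wrong moment.
    ( umask 077 && cat "$dir/privkey.pem" "$dir/cert.pem" > "$dir/combined.pem.tmp" )
    mv -f "$dir/combined.pem.tmp" "$dir/combined.pem"
    chmod 600 "$dir/combined.pem"
}

# key_matches_cert DIR: 0 if privkey.pem and cert.pem share a public key,
# 1 if they do not (or cannot be parsed), 2 if openssl is not installed.
key_matches_cert() {
    dir="$1"
    command -v openssl >/dev/null 2>&1 || return 2
    cert_pub=$(openssl x509 -noout -pubkey -in "$dir/cert.pem" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$dir/privkey.pem" 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# what_cron_sees double|single: reproduce how cron's /bin/sh treats the
# --renew-hook argument. RENEWED_LINEAGE is not in cron's environment (Certbot
# sets it only for the hook process), so inside double quotes it expands to
# nothing and the hook would write /combined.pem at the filesystem root.
what_cron_sees() {
    unset RENEWED_LINEAGE
    case "$1" in
        double) printf '%s\n' "cat $RENEWED_LINEAGE/privkey.pem $RENEWED_LINEAGE/cert.pem > $RENEWED_LINEAGE/combined.pem" ;;
        single) printf '%s\n' 'cat "$RENEWED_LINEAGE/privkey.pem" "$RENEWED_LINEAGE/cert.pem" > "$RENEWED_LINEAGE/combined.pem"' ;;
        *)      echo "usage: what_cron_sees double|single" >&2; return 1 ;;
    esac
}

# deploy_hook: what Certbot runs after a successful renewal of one lineage.
deploy_hook() {
    lineage="${RENEWED_LINEAGE:?set by Certbot; run this script as a --renew-hook}"
    build_combined_pem "$lineage" || return 1
    rc=0
    key_matches_cert "$lineage" || rc=$?
    case "$rc" in
        1) echo "deploy_hook: key and certificate in $lineage do not match; not reloading" >&2
           return 1 ;;
        2) echo "deploy_hook: openssl not found, skipping key/cert consistency check" >&2 ;;
    esac
    $LIGHTTPD_RELOAD
}

# Only act when invoked by Certbot (RENEWED_LINEAGE set); sourcing the file
# for its functions does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_hook
fi
```

Save it as, for example, /root/lighttpd-deploy-hook.sh (a path chosen here, not from the post), chmod 700 it, and replace the inline hook in the crontab line with --renew-hook /root/lighttpd-deploy-hook.sh (newer Certbot: --deploy-hook). Because the script path contains no $, it sidesteps the cron quoting trap entirely, and Certbot runs it once per renewed lineage.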


How to redirect the HTTP admin page to HTTPS

Open the lighttpd configuration file from the command line (console):

/etc/lighttpd/lighttpd.conf

Add the following block after the compress.* lines shown below. (As Aaron notes in the comments, putting the redirect block in /etc/lighttpd/external.conf instead keeps it from being overwritten by an update.)

compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

# [add after the lines above]

# Redirect HTTP to HTTPS
$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}

Here %0 is the whole matched Host header and $0 is the whole matched request URI (path and query string), so the redirect preserves host, path and parameters.

Restart lighttpd Service

service lighttpd restart
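
To apply the redirect the way Aaron suggests in the comments (as a drop-in rather than an edit to lighttpd.conf), here is an added example script, not part of the original post. It assumes the target file is passed as its first argument (on Pi-hole that is /etc/lighttpd/external.conf, which Pi-hole’s lighttpd.conf includes and which updates leave alone), and uses a marker comment of its own so that running it twice does not produce two copies of the block.

```shell
#!/bin/sh
# Added example, not from the original post: install the HTTP->HTTPS redirect as
# a drop-in for lighttpd instead of hand-editing lighttpd.conf, so re-running the
# script or a Pi-hole update does not duplicate or wipe it. Assumptions: the
# target file is passed as $1 (on Pi-hole, /etc/lighttpd/external.conf); the
# marker comment is our own and only used to make the install idempotent.

REDIRECT_MARKER='# Redirect HTTP to HTTPS (managed block)'

# redirect_block: the lighttpd fragment. %0 is the whole matched host, $0 the
# whole matched request URI (path and query string), so nothing is lost.
redirect_block() {
    printf '%s\n' "$REDIRECT_MARKER"
    cat <<'EOF'
$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}
EOF
}

# install_redirect FILE: append the block once; a second call is a no-op.
install_redirect() {
    file="$1"
    if [ -f "$file" ] && grep -qF "$REDIRECT_MARKER" "$file"; then
        echo "install_redirect: block already present in $file" >&2
        return 0
    fi
    redirect_block >> "$file"
}

# redirect_count FILE: number of managed blocks in FILE (0 if none or no file).
redirect_count() {
    [ -f "$1" ] || { echo 0; return 0; }
    grep -cF "$REDIRECT_MARKER" "$1" || true
}

# check_and_reload: parse the whole config before reloading; only meaningful
# on a box that actually has lighttpd installed.
check_and_reload() {
    if ! command -v lighttpd >/dev/null 2>&1; then
        echo "check_and_reload: lighttpd not installed here, nothing to reload" >&2
        return 0
    fi
    lighttpd -t -f /etc/lighttpd/lighttpd.conf && systemctl reload-or-try-restart lighttpd
}

# Run as: sh install-redirect.sh /etc/lighttpd/external.conf
if [ "$#" -ge 1 ]; then
    install_redirect "$1"
    check_and_reload
fi
```

Running `lighttpd -t -f` first matters because a syntax error in external.conf takes the whole server down on restart, and with it the Pi-hole admin page and the block page.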


3 Comments

  1. Aaron

    Hi Achmad, thank you for this well written guide. Many other sites skip steps or assume certain things have already been installed.

    Two minor points, both relate to step 7:

    – The “conf.available” in the path given should read “conf-available”
    – ssl.ca-file is no longer included in 10-ssl.conf so this reference can be removed.

    I’d also like to suggest an improvement. Rather than editing /etc/lighttpd/lighttpd.conf you can simply add the lines “# Redirect HTTP to HTTPS” and below to /etc/lighttpd/external.conf instead to avoid it being overwritten by an update.

    • Achmad

      Hi Aaron,

      Thanks for stopping by and for the correction at “conf-available”, and also for your suggestion for improvement 🙂

  2. Jon

    Hi Achmad,

    I noticed a typo at Let’s Encrypt step 7.

    Edit /etc/lighttpd/conf.available/10-ssl.conf should read,

    Edit /etc/lighttpd/conf-available/10-ssl.conf
