In the name of Allah, the Most Gracious, the Most Merciful
Create A hostname record in your domain
Create an A (hostname) record in your domain's DNS panel. In my case, I added the hostname record on Cloudflare.
I use Ubuntu 16.04 for Pihole, and here are the steps to install Letsencrypt on the box:
root@at-taubah:~# apt-get install letsencrypt
After installing Letsencrypt on the box, continue with the steps below.
Certificates will be issued by Let’s Encrypt using Certbot.
- Open up a root shell and make sure you’re in root’s home (probably /root).
- Go to the Certbot page and tell them you’re using none of the above (Pihole uses lighttpd). Select your OS. If you’re using Raspbian, choose Debian (other). (Raspbian doesn’t have jessie-backports, which are the instructions you get if you choose Debian 8)
- Go ahead and run the wget and chmod commands the website gives you.
- Run
  letsencrypt certonly --webroot -w /var/www/html -d example.com --dry-run
  replacing example.com with your domain. You can use -d multiple times if you have multiple domains (like www.example.com and example.com). This’ll take a while the first time as it installs all the bits and pieces it needs.
- Did everything look good? If it issued a certificate, great! If not, don’t proceed until you fix whatever went wrong. Odds are it failed to validate… you are using a real domain name, one the letsencrypt servers can resolve, right?
- Run the command again, this time without --dry-run so you get a real certificate.
- Edit /etc/lighttpd/conf-available/10-ssl.conf, setting
  ssl.pemfile = "/etc/letsencrypt/live/example.com/combined.pem"
  and
  ssl.ca-file = "/etc/letsencrypt/live/example.com/chain.pem"
  Again, replace example.com with your domain.
- ln -s /etc/lighttpd/conf-available/10-ssl.conf /etc/lighttpd/conf-enabled/10-ssl.conf
- cd /etc/letsencrypt/live/example.com/ and cat privkey.pem cert.pem > combined.pem
- systemctl restart lighttpd
- If I didn’t forget any [more] steps, it should be working. Now, let’s automate renewals since Let’s Encrypt certificates are only good for 90 days.
- Add the following to the end of /etc/crontab (it’s one long line), replacing the first number with a random number between 0 and 59, and the second number with the hour you want the renew to happen.
47 5 * * * root /root/certbot-auto renew --quiet --no-self-upgrade --renew-hook "cat \$RENEWED_LINEAGE/privkey.pem \$RENEWED_LINEAGE/cert.pem > \$RENEWED_LINEAGE/combined.pem;systemctl reload-or-try-restart lighttpd"
Original Post from Reddit
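The renew hook above rebuilds combined.pem with a plain shell redirect. Because that file contains the private key, the same step can be written so the file is owner-only and is swapped in atomically, and so a failed renewal never overwrites a working file. This is an added example, not part of the original Reddit post or of certbot; the function name build_combined_pem and the idea of saving it as a separate script are assumptions.

```shell
#!/bin/sh
# Added example: build lighttpd's combined.pem from a certbot lineage directory.
# build_combined_pem is a hypothetical helper name, not a certbot or Pi-hole command.

build_combined_pem() {
    lineage=$1
    key="$lineage/privkey.pem"
    cert="$lineage/cert.pem"
    out="$lineage/combined.pem"

    # Refuse to build from missing, empty or non-PEM inputs, so a failed
    # renewal never replaces a working combined.pem with a broken one.
    [ -s "$key" ] && [ -s "$cert" ] || { echo "missing $key or $cert" >&2; return 1; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$key" \
        || { echo "$key is not a PEM private key" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" \
        || { echo "$cert is not a PEM certificate" >&2; return 1; }

    # Subshell: the restrictive umask does not leak into the caller.
    (
        umask 077
        # Temp file in the same directory so mv is an atomic rename.
        tmp=$(mktemp "$lineage/.combined.pem.XXXXXX") || exit 1
        if cat "$key" "$cert" > "$tmp" && chmod 600 "$tmp" && mv -f "$tmp" "$out"; then
            exit 0
        fi
        rm -f "$tmp"
        exit 1
    )
}

# certbot exports RENEWED_LINEAGE when it runs a renew hook.
# Reload lighttpd only if the combined file was rebuilt successfully.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_combined_pem "$RENEWED_LINEAGE" && systemctl reload-or-try-restart lighttpd
fi
```

Saved as an executable script, this can take the place of the inline cat command inside the --renew-hook string in the crontab line.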
How to Redirect HTTP to HTTPS admin page
Open the lighttpd configuration file from the command line (console):
/etc/lighttpd/lighttpd.conf
Add the following syntax:
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ( "application/javascript", "text/css", "text/html", "text/plain" )

# [add after the syntax above]

# Redirect HTTP to HTTPS
$HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
    }
}
Restart lighttpd Service
service lighttpd restart
Aaron
Hi Achmad, thank you for this well written guide. Many other sites skip steps or assume certain things have already been installed.
Two minor points, both relate to step 7:
– The “conf.available” in the path given should read “conf-available”
– ssl.ca-file is no longer included in 10-ssl.conf so this reference can be removed.
I’d also like to suggest an improvement. Rather than editing /etc/lighttpd/lighttpd.conf you can simply add the lines “# Redirect HTTP to HTTPS” and below to /etc/lighttpd/external.conf instead to avoid it being overwritten by an update.
Achmad
Hi Aaron,
Thanks for stopping by, for the correction about “conf-available”, and for your suggested improvement 🙂
Jon
Hi Achmad,
I noticed a typo at Let’s Encrypt step 7.
Edit /etc/lighttpd/conf.available/10-ssl.conf should read,
Edit /etc/lighttpd/conf-available/10-ssl.conf