check out caddy if you want a http/2/ssl enabled web server thats simple and supports letsencrypt

Join the beta programto get whitelisted

Stop lighttpd

  • sudo service lighttpd stop

then run letsencrypt client

  • git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt
  • ./letsencrypt-auto --agree-dev-preview --server \ https://acme-v01.api.letsencrypt.org/directory auth

combine files into ssl.pem

  • sudo su (login as root)
  • cd /etc/letsencrypt/live/yourdomain
  • cat privkey.pem cert.pem > ssl.pem

Forward Secrecy & Diffie Hellman Ephemeral Parameters

  • cd /etc/ssl/certs
  • openssl dhparam -out dhparam.pem 4096

Copy and paste the following into /etc/lighttpd/lighttpd.conf dont forget to change yourdomain to your domain
or you can put it into /etc/lighttpd/conf-enabled as letsencrypt.yourdomain.conf

now open port and start lighttpd

  • sudo ufw allow 443
  • sudo service lighttpd start