Just got a invite to letsencrypt.com the other day
so this blog now has SSL on both ipv4/ipv6 and a A grade on ssllabs.com

for some reason i didnt get a A+ :/

check out caddy if you want a http/2/ssl enabled web server thats simple and supports letsencrypt

Join the beta programto get whitelisted

Stop lighttpd

  • sudo service lighttpd stop

then run letsencrypt client

  • git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt
  • ./letsencrypt-auto --agree-dev-preview --server \ https://acme-v01.api.letsencrypt.org/directory auth

combine files into ssl.pem

  • sudo su (login as root)
  • cd /etc/letsencrypt/live/yourdomain
  • cat privkey.pem cert.pem > ssl.pem

Forward Secrecy & Diffie Hellman Ephemeral Parameters

  • cd /etc/ssl/certs
  • openssl dhparam -out dhparam.pem 4096

Copy and paste the following into /etc/lighttpd/lighttpd.conf dont forget to change yourdomain to your domain
or you can put it into /etc/lighttpd/conf-enabled as letsencrypt.yourdomain.conf

now open port and start lighttpd

  • sudo ufw allow 443
  • sudo service lighttpd start
Receive $10 in credit at DigitalOcean for your VPS Hosting
€1.24 VPS from Time4VPs
Proudly published with Ghost | Theme based on Draugur | Header Image by GUWEIZ@DeviantArt
Creative Commons Licence