Hello community, I am trying to set up LE on RaspBi running pi-hole.
I've used certbot to grab the files.
Had a few issues with A records and then permissions (think I was running the wrong command).
Anyway, I've now got the certs generated, but my lighttpd service won't start when I have my external.conf file in the /etc/lighttpd/ folder.
My domain is:
pihole.knobheads.xyz
I ran this command:
certbot certonly --webroot -w /var/www/html -d pihole.knobheads.xyz -d www.pihole.knobheads.xyz
It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for pihole.knobheads.xyz
http-01 challenge for www.pihole.knobheads.xyz
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/pihole.knobheads.xyz/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/pihole.knobheads.xyz/privkey.pem
Your cert will expire on 2022-09-11. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
- If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
My web server is (include version):
pi@pi-hole:~ $ lighttpd -v
lighttpd/1.4.45 (ssl) - a light and fast webserver
Build-Date: Jan 14 2017 21:07:19
The operating system my web server runs on is (include version):
pi@pi-hole:~ $ uname -a
Linux pi-hole 4.14.69-v7+ #1141 SMP Mon Sep 10 15:26:29 BST 2018 armv7l GNU/Linux
My hosting provider, if applicable, is:
NA
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
no
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
pi@pi-hole:~ $ certbot --version
certbot 0.28.0
I am trying to get SSL installed on my Raspberry Pi running Pi-Hole.
I've got the certs generated but something has happened to my external.conf file that seems to stop lighttpd from running.
Here are the contents of external.conf:
$HTTP["host"] == "pihole.knobheads.xyz" {
    # Ensure the Pi-hole Block Page knows that this is not a blocked domain
    setenv.add-environment = ("fqdn" => "true")

    # Enable the SSL engine with a LE cert, only for this specific host
    $SERVER["socket"] == ":443" {
        ssl.engine = "enable"
        ssl.pemfile = "/etc/letsencrypt/live/pihole.knobheads.xyz/conf.pem"
        ssl.ca-file = "/etc/letsencrypt/live/pihole.knobheads.xyz/intermediate.pem"
        ssl.honor-cipher-order = "enable"
        ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
        ssl.use-compression = "disable"
        ssl.use-sslv2 = "disable"
        ssl.use-sslv3 = "disable"
    }

    # Redirect HTTP to HTTPS
    $HTTP["scheme"] == "http" {
        $HTTP["host"] =~ ".*" {
            url.redirect = (".*" => "https://%0$0")
        }
    }
}
I followed this guide:
I modified the path to the pem files as they were originally pointing to /home/pi/.
If I rename my external.conf to external.conf.bak then lighttpd will run.
Can some kind soul please help get this working?
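
An added example, not part of the original post: a shell check for the TLS files a lighttpd config points at. It reports whether each ssl.pemfile and ssl.ca-file path exists and whether the pemfile holds both a certificate and a private key, which lighttpd releases before 1.4.53 (such as the 1.4.45 shown above) expect in one file; the function names and the demo file names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Run as root on the real host: /etc/letsencrypt/live is not world-readable.

# Print each path assigned to a directive, ignoring commented-out lines.
conf_paths() {  # $1 = directive as a regex, $2 = config file
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2"
}

# Classify a pemfile as missing, no-cert, no-key or ok.
pem_status() {
    [ -r "$1" ] || { echo missing; return; }
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" || { echo no-cert; return; }
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1" || { echo no-key; return; }
    echo ok
}

# Report on every ssl.pemfile and ssl.ca-file; return 1 if any check fails.
# Paths containing spaces are not handled.
check_conf() {
    rc=0
    for p in $(conf_paths 'ssl\.pemfile' "$1"); do
        s=$(pem_status "$p"); echo "ssl.pemfile $p: $s"
        [ "$s" = ok ] || rc=1
    done
    for p in $(conf_paths 'ssl\.ca-file' "$1"); do
        if [ -r "$p" ]; then s=ok; else s=missing; rc=1; fi
        echo "ssl.ca-file $p: $s"
    done
    return "$rc"
}

# Constructed demo: a throwaway directory holding a certificate-only file
# and a config that also names a CA file which was never created.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' \
        '-----END CERTIFICATE-----' > "$d/certonly.pem"
    printf '%s\n' '$SERVER["socket"] == ":443" {' \
        "  ssl.pemfile = \"$d/certonly.pem\"" \
        "  # ssl.pemfile = \"$d/commented-out.pem\"" \
        "  ssl.ca-file = \"$d/absent.pem\"" '}' > "$d/external.conf"
    check_conf "$d/external.conf" | sed "s|$d/||"
    rm -rf "$d"
}

if [ "$#" -gt 0 ]; then check_conf "$1"; else demo; fi
```

Pass a config path as the first argument to check a real file instead of the constructed demo. `lighttpd -t -f /etc/lighttpd/lighttpd.conf` tests the configuration syntax separately.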