Trouble enabling Https:// with Let's Encrypt on lighttpd Topic is solved

Having issues with your DietPi installation, or, found a bug? Post it here.
Post Reply
chucklesmcgee
Posts: 24
Joined: Tue Jun 02, 2020 7:19 pm

Trouble enabling Https:// with Let's Encrypt on lighttpd

Post by chucklesmcgee »

Apologies in advance for being stupid. Very inexperienced here.

I have lighttpd running with a no-ip address on http just fine (RPi4).

I ran dietpi-letsencrypt, punched in my domain info and such and got a success.

I edited my lightpttd .conf file to include

Code: Select all

$HTTP["host"] =~ ".*" {
        url.redirect = (".*" => "https://%0$0")
Then rebooted.

Still no change in https. Surely I'm missing some obvious step.
User avatar
Joulinar
Posts: 2584
Joined: Sat Nov 16, 2019 12:49 am

Re: Trouble enabling Https:// with Let's Encrypt on lighttpd

Post by Joulinar »

Hi,

many thanks for your request. Basically it's not needed to adjust any files if you use DietPi scripts to setup SSL/HTTPS. All steps are automatically done. Below a small step by step guide how to enable SSL using dietpi-letsencrypt
  1. create a clean DietPi installation and complete initial setup
  2. first you would need to have a DynDNS service that allow you to connect from outside world to your home network by using a dynamic domain name. If you already have a DDNS service, you can go to point 5
  3. to get a DDNS domain, you would need to register at https://www.noip.com/ first
  4. if you finished registration process, we can go to install No-IP software on your DietPi device
    • run dietpi-config
    • go to option 8 : Network Options: Misc
    • select No-IP
    • confirm installation
    • once installation of No-IP software is done, select No-IP again
    • enter your login credentials for No-IP
  5. if DDNS is working, continue with next step
  6. ensure Port 80 and 443 are forwarded (from your internet router) correctly to your DietPi device
  7. once ready, run dietpi-software, search and install NextCloud
  8. once installation completed and your system was rebooted, try to connect to your Webserver on http (port 80)
  9. pls try to connect from your LAN as well as from Internet, you should receive the Webserver Default Page
    • once you're able to connect to your Webserver from Internet on http (80), got to point 10. (https - port 443 will not work at this stage)
    • if you are not able to connect on http (80) from internet, you would need to check why and what's wrong with your port forwarding
  10. let's do the SSL certificate now, run dietpi-letsencrypt
  11. install CertBot
  12. once done you will be ask for your Let'sEncrypt information
    • fill in your domain name (No-IP DDNS)
    • fill in your email address
    • set Redirect to ON
    • Apply the setting
  13. once finished (and all services started) you should be able to reach your website on http (80) as well as https (443)
  14. if you are opening the website on http (80) you should be automatically redirected to https (443)
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
chucklesmcgee
Posts: 24
Joined: Tue Jun 02, 2020 7:19 pm

Re: Trouble enabling Https:// with Let's Encrypt on lighttpd

Post by chucklesmcgee »

Thanks for that.

I've setup owncloud, is that ok?

I now can't access the http page at all, even using the IP, previously could access on both the local network and the dynamic URL.

I think I'm missing something really basic.
User avatar
Joulinar
Posts: 2584
Joined: Sat Nov 16, 2019 12:49 am

Re: Trouble enabling Https:// with Let's Encrypt on lighttpd

Post by Joulinar »

yes owncloud is fine. I used NextCloud as example an my small how-to. basically you should revert all manual changes you did.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
chucklesmcgee
Posts: 24
Joined: Tue Jun 02, 2020 7:19 pm

Re: Trouble enabling Https:// with Let's Encrypt on lighttpd

Post by chucklesmcgee »

Well, that worked. I was hesitant to do a clean install what with other services configured but it was far faster in the end than I had thought. Thanks!
User avatar
Joulinar
Posts: 2584
Joined: Sat Nov 16, 2019 12:49 am

Re: Trouble enabling Https:// with Let's Encrypt on lighttpd

Post by Joulinar »

yap indeed. sometimes it much faster starting from scratch to get a clean installation.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Deleted User 7758

Re: Trouble enabling Https:// with Let's Encrypt on lighttpd

Post by Deleted User 7758 »

Thanks for the walk-through @Joulinar
Quick question 1: Can port-forwarding for port 80 be turned off now that everything is being redirected to 443?
Quick question 2: Is there any security advantage to chasing the port of https to something else? (security through obscurity I know but is it a worthwhile step?)
User avatar
Joulinar
Posts: 2584
Joined: Sat Nov 16, 2019 12:49 am

Re: Trouble enabling Https:// with Let's Encrypt on lighttpd

Post by Joulinar »

I guess you would need to keep port 80 and 443 open, otherwise letsencrypt will not be able to renew certificates if needed. But it should not be a problem if you activated automatic redirection of HTTP to HTTPS (step 12). As well I don't think it's needed to move port 443 to something else.
Pls let us know if a solution is working. This could help others if they hit by similar situation. Your DietPi Team
Deleted User 7758

Re: Trouble enabling Https:// with Let's Encrypt on lighttpd

Post by Deleted User 7758 »

Thank you!
Post Reply