Configuring SSL with Certbot for a multidomain configuration

lighttpd-1.4.55 with py37-certbot-1.5.0,1 on FreeBSD 12.1

Domain and folder configuration

We assume that you have already followed the Episode 01. Then there are several ways to configure multiple hosts on Lighttpd. We will use simple_vhost. For that, uncomment the following line in your module.conf usually found in /usr/local/etc/lighttpd/ on FreeBSD).

in module.conf

include "conf.d/simple_vhost.conf"

Then configure the simple_vhost module itself (in /usr/local/etc/lighttpd/conf.d/simple_vhost.conf). If mydomain.com is asked, Lighttpd will serve :

if the mydomain.com folder exists under server-root : server-root + mydomain.com + document-root / files
if the mydomain.com folder does not exist : server-root + default-host + document-root / files

So simple_vhost.conf must look like :

in simple_vhost.conf

simple-vhost.server-root = "/path_to_your_websites_root_folder/"
simple-vhost.default-host = "my_default_domain.com"
simple-vhost.document-root = "/httpdocs/"

where httpdocs is the name for html files in each domain folder. For example for your default domain, files will be under : /path_to_your_websites_root_folder/my_default_domain.com/httpdocs/

Each domain folder mentionned above must be created (with enough permission for www group) and configured (in lighttpd.conf), then Lighttpd must be restarted before going to the next step.

# service lighttpd restart

SSL configuration

Repeat the certbot operation described during the Episode 01, then configure your lighttpd.conf, in the SSL Support section with :

in lighttpd.conf

$SERVER["socket"] == ":443" {
  ssl.engine                 = "enable"
  $HTTP["host"]              =~ "(^|www\.)mydomain.com" {
    ssl.pemfile                = "/usr/local/etc/letsencrypt/live/mydomain.com/web.pem" #Combined_certificate
    ssl.ca-file                = "/usr/local/etc/letsencrypt/live/mydomain.com/chain.pem" # Root CA
  }
  $HTTP["host"]              =~ "(^|www\.)mydomain2.com" {
    ssl.pemfile                = "/usr/local/etc/letsencrypt/live/mydomain2.com/web.pem" #Combined_certificate
    ssl.ca-file                = "/usr/local/etc/letsencrypt/live/mydomain2.com/chain.pem" # Root CA
  }  

}

Log configuration

You can specify a per-domain configuration for logging. Usually mod_access is already loaded via module.conf by default. You can modify the configuration in /usr/local/etc/lighttpd/conf.d/access_log.conf by adding lines such as :

in access_log.conf

$HTTP["host"] =~ "(^|www\.)mydomain.com" {
  accesslog.filename = log_root + "/the_name_you_want.log"
}

log_root is specified in lighttpd.conf, you can change it if you want or also specified the complete path to the wanted log file. Do not forget to create the log file with write/read permissions.

# touch /path_to_your_log_file/the_name_you_want.log
# chown www:www /path_to_your_log_file/the_name_you_want.log

Comment ?

Should you have any comment on this page, get in touch !

---
Corl3ss
Back to index
Static Website made thanks to ssg
CC-BY-SA