mitag - I get the same error message. Search resulted with it's default since lighttpd 1.4.28.
Remove the ssl.use-compression = "disable" from /etc/lighttpd/external.conf and it will go away.
-
@WaLLy3K
Like mitag, I used my own CA - however, it fails to serve the page over SSL/TLS. I tried using @fidelito17's method and modifying/adding the "mod_alias" to lighttpd.conf as well as commenting/removing the ssl.use-compression = "disable".
This site can’t be reached
dns1.domain.com refused to connect.
Over Chrome (version 67.0.3396.99) hit F12 - Security :
Certificate - valid and trusted
The connection to this site is using a valid, trusted server certificate issued by unknown name.
Resources - all served securely
All resources on this page are served securely.
The certificates do not seem to be the issue. Not sure what I'm missing here.
Please let me know if you have any ideas.
Steps taken :
- Modifying the ["host"] section of the /etc/lighttpd/external.conf file to dns1.domain.com
  - $HTTP["host"] == "dns1.domain.com" {
- Pointing the ssl.pemfile and ssl.ca-file to the respective directory
  - ssl.pemfile = "/home/pi/Downloads/dns1.pem"
  - ssl.ca-file = "/home/pi/Downloads/root.pem"
- Note - have tried RSA and ECDSA based CAs, and tried changing the ssl.cipher-list; always shows the error of refusing to connect. The FQDN does have an A record, and the certificate does have the SAN for the FQDN. Created the dns1.pem via cat server.crt server.key > dns1.pem
Permissions :
pi@dns1:~/Downloads$ ls -l
total 16
-rw-r--r-- 1 pi pi 8387 Jul 15 08:46 dns1.pem
-rw-r--r-- 1 pi pi 1838 Jul 15 07:46 root.pem
lighttpd -v : lighttpd/1.4.45 (ssl) - a light and fast webserver Build-Date: Jan 14 2017 21:07:19
openssl version : OpenSSL 1.1.0f 25 May 2017
Raspbian version : Linux version 4.14.52-v7+ (dc4@dc4-XPS13-9333) (gcc version 4.9.3 (crosstool-NG crosstool-ng-1.22.0-88-g8460611)) #1123 SMP Wed Jun 27 17:35:49 BST 2018
Edit / Update : The configuration was correct (certs, external.conf, etc) - originally was using Raspbian with Desktop, swapped over to the Stretch Lite and it worked right away. Found some blurb on reddit where pihole didn't cooperate with the desktop version. While I didn't see any issue with the DNS functionality on it, it looks like it prevented the TLS to the WebUI. Figured if someone else comes across this, can be used as a reference.
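
A check for a combined `ssl.pemfile` like the one in the post above (built with `cat server.crt server.key > dns1.pem` and listed as `-rw-r--r--`), as an added example that is not part of the original thread: it reports a missing certificate or key block, END/BEGIN markers that `cat` ran together, and a private key readable by group or other. The function names and the sample PEM bodies are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Matches one PEM block and captures its label (e.g. CERTIFICATE, PRIVATE KEY).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n.*?\r?\n-----END \1-----", re.S)
# An END marker followed by anything but a line break: the usual result of
# `cat a b > c` when file a does not end with a newline.
GLUED = re.compile(r"-----END [A-Z0-9 ]+-----[^\r\n]")


def audit_pemfile(path):
    """Return a list of findings for a combined cert+key PEM bundle."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        text = fh.read()
    labels = [m.group(1) for m in PEM_BLOCK.finditer(text)]
    has_key = any(label.endswith("PRIVATE KEY") for label in labels)
    findings = []
    if "CERTIFICATE" not in labels:
        findings.append("no CERTIFICATE block")
    if not has_key:
        findings.append("no PRIVATE KEY block")
    if GLUED.search(text):
        findings.append("END and BEGIN markers share a line")
    if has_key and mode & (stat.S_IRGRP | stat.S_IROTH):
        findings.append("private key readable by group/other (mode %04o)" % mode)
    return findings


def write_sample(body, mode):
    """Write a constructed bundle to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".pem")
    with os.fdopen(fd, "w") as fh:
        fh.write(body)
    os.chmod(path, mode)
    return path


# Constructed placeholder blocks; the base64 bodies are not real key material.
CERT = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----"
KEY = "-----BEGIN PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    for body, mode in ((CERT + "\n" + KEY, 0o644), (CERT + KEY, 0o600)):
        path = write_sample(body, mode)
        print(oct(mode), audit_pemfile(path))
        os.remove(path)
```

The check is structural only; it does not verify that the key belongs to the certificate or that the chain validates.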