Following this tutorial:
I have these files:
AAACertificateServices.crt
HSSL-etc.key
midominio.com.crt
SectigoRSADomainValidationSecureServerCA.crt
USERTrustRSAAAACA.crt
In the tutorial I see that it places 3 files:
/etc/letsencrypt/live/pihole.example.com/privkey.pem
/etc/letsencrypt/live/pihole.example.com/cert.pem
/etc/letsencrypt/live/pihole.example.com/combined.pem
privkey.pem would be HSSL-etc.key
cert.pem would be midominio.com.crt
combined.pem would be AAACertificateServices.crt
Or am I wrong?
So, just change the extension.
Following this: ssl - How to get .pem file from .key and .crt files? - Stack Overflow
/etc/letsencrypt/live/pihole.example.com/HSSL-etc.pem
/etc/letsencrypt/live/pihole.example.com/midominio.com.pem
/etc/letsencrypt/live/pihole.example.com/AAACertificateServices.pem
Then I see that it edits /etc/lighttpd/external.conf:
$HTTP["host"] == "pihole.example.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/letsencrypt/live/pihole.example.com/combined.pem"
    ssl.ca-file = "/etc/letsencrypt/live/pihole.example.com/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
So what I understand is this:
$HTTP["host"] == "pihole.example.com" {
  # Ensure the Pi-hole Block Page knows that this is not a blocked domain
  setenv.add-environment = ("fqdn" => "true")

  # Enable the SSL engine with a LE cert, only for this specific host
  $SERVER["socket"] == ":443" {
    ssl.engine = "enable"
    ssl.pemfile = "/etc/letsencrypt/live/pihole.example.com/AAACertificateServices.pem"
    ssl.ca-file = "/etc/letsencrypt/live/pihole.example.com/fullchain.pem"
    ssl.honor-cipher-order = "enable"
    ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
    ssl.use-sslv2 = "disable"
    ssl.use-sslv3 = "disable"
  }

  # Redirect HTTP to HTTPS
  $HTTP["scheme"] == "http" {
    $HTTP["host"] =~ ".*" {
      url.redirect = (".*" => "https://%0$0")
    }
  }
}
Then it changed:
ssl.pemfile = "/etc/letsencrypt/live/pihole.example.com/AAACertificateServices.pem"
ssl.ca-file = "/etc/letsencrypt/live/pihole.example.com/fullchain.pem"
And this file? fullchain.pem
Then I change all pihole.example.com to my domain example.com
Then:
sudo service lighttpd restart
And it does not work.
What am I doing wrong?
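
Added example, not part of the original post or the tutorial: one way to assemble the two files that ssl.pemfile and ssl.ca-file point at from a commercial CA's separate .key and .crt files. It assumes ssl.pemfile expects the private key together with the server certificate and ssl.ca-file expects the intermediate certificates; the function names and the chain order shown in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: build the PEM files a lighttpd SSL socket block references.
# Function names are hypothetical; renaming .crt to .pem does not combine anything.

# count_blocks FILE LABEL -> number of PEM blocks whose BEGIN line ends in LABEL
count_blocks() {
    grep -c -- "^-----BEGIN .*$2-----" "$1" || true
}

# build_combined KEY CERT OUT: private key + server certificate (for ssl.pemfile)
build_combined() {
    [ "$(count_blocks "$1" 'PRIVATE KEY')" -eq 1 ] ||
        { echo "$1: expected exactly one private key" >&2; return 1; }
    [ "$(count_blocks "$2" 'CERTIFICATE')" -eq 1 ] ||
        { echo "$2: expected exactly one certificate" >&2; return 1; }
    # 'awk 1' copies every line and adds a final newline if a file lacks one,
    # so the END line of one block never fuses with the next BEGIN line.
    # The output holds key material, so it is created readable by its owner only.
    ( umask 077; rm -f "$3"; awk 1 "$1" "$2" > "$3" )
}

# build_chain OUT INTERMEDIATE...: intermediates, nearest the server cert first
# (for ssl.ca-file)
build_chain() {
    out=$1; shift
    for f in "$@"; do
        [ "$(count_blocks "$f" 'CERTIFICATE')" -ge 1 ] ||
            { echo "$f: no certificate block found" >&2; return 1; }
    done
    awk 1 "$@" > "$out"
}

# key_matches_cert KEY CERT: succeeds only if both carry the same public key
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Usage with the file names from the post (chain order assumed from the names):
#   key_matches_cert HSSL-etc.key midominio.com.crt &&
#   build_combined HSSL-etc.key midominio.com.crt combined.pem &&
#   build_chain fullchain.pem SectigoRSADomainValidationSecureServerCA.crt \
#       USERTrustRSAAAACA.crt
```

After building the files, `openssl s_client -connect HOST:443 -servername HOST` shows which certificate chain the server actually presents.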