First you must make sure that you have at least one dedicated IP address for this server. Every SSL enabled host must be on a different IP address!

Setting up Lighttpd can be more extensive than this, but here some basic instructions:



All operations should be performed as user root.

Make sure you have SSL built into Lighttpd:


Now you are ready to request a certificate from the StartCom CA. Once you validated your domain name(s) at the Validations Wizard, go to the Certificates Wizard and make your selection for SSL/TLS Server Certificate. Create the private key with the control panel and continue.

Go through the process and save all required files. Once you are done with it - and this depends if the certificate gets issued automatically or not - copy the key and certificate to your server.
Save also the sub.class1.server.ca.pem (Intermediate CA) and ca.pem (StartCom Root CA) to your server from here.

Now decrypt the private key you received:


Add the key to your certificate:


Create a unified CA chain certificate:


Ready for configuration of your server. Edit your lighttpd.conf file by adding the following in the file:


Now you should be ready to start/restart your SSL enabled Lighttpd server.

Thanks for your guide.It's really useful.

Thanks very much for the howto!

For those using class2 certificates:

• Use the class2 server cert in the chain (obvious, but i overlooked it at first, which gives nasty errors).
  you can get it here: https://www.startssl.com/certs/sub.class2.server.ca.pem.

• If you have a class2 wildcard certificate (e.g. *.example.tld), you may leave the 'servername' out. This is what i use:

I had to use the Intermediate CA here: http://www.startssl.com/certs/sub.class1.server.ca.crt
Looking at the info this seems newer so please update the info in the original post if necessary.

I found error in last ssl.pemfile = "/etc/lighttpd/ssl.crt" i don't now what error is please help me.

Most likely this should be the combined private key and certificate file. Decrypt the private key and add the content of the certificate to the same file - here named ssl.crt.

Hi All!

I am new to this whole ssl business, and i am stuck. I followed the instructions for lighttpd, but now it gives me an error, when i try to start it:
2008-10-25 16:44:27: (network.c.377) SSL: Private key does not match the certificate public key, reason: error:0906D066:PEM routines:PEM_read_bio:bad end line /path/to/ssl.crt

What do i wrong? Is there anything i can try to fix this?

Thanks,
Roland

Most likely you aren't using the corresponding private key. Either try to find the private key which matches your certificate or create a new certificate and new private key.

Hello,

is it also possible to have different certificates per domain on the same server?

- R.

I'm having the same problem here, Lighttpd Ver. 1.4.20(ssl) any ideas ?

I think the error is clearly stated. The private key doesn't match the certificate. Use the private key associated with this certificate. Make sure you don't mix up the files and decrypt the private key prior to using with the server.

Hello when trying to use a certificate in lighty this error appears:
Starting lighttpd: 2008-11-25 12:29:36: (network.c.358) SSL: error:0906D066:PEM routines:PEM_read_bio:bad end line /path/to/cert.ca

Any idea? :S I used this ca: https://www.startssl.com/certs/ca-bundle.crt

Thanks!

It's described in the instructions above:

Create a unified CA chain certificate:

Hi,

I am new here and just watched these guide lines. Thanks for your guide. It's really useful.

It's a great discussion as I found it very useful. I am new to using Lighttpd and this forum helps me a lot. Great job guys. Keep it up.

Pret immobilier