[Solved] Lighttpd v1.4.55 SSL w/SNI, multiple domains, only one SSL cert sent.
Added by STrRedWolf 4 months ago
OS & Distro: Linux Ubuntu 20.04.6 LTS
Version of lighttpd: 1.4.55 (ssl)
Config:
config {
var.PID = 1528982
var.CWD = "/etc/lighttpd/conf-enabled"
mimetype.assign = (
".pcf.Z" => "application/x-font-pcf",
".tar.bz2" => "application/x-gtar-compressed",
".tar.gz" => "application/x-gtar-compressed",
".ez" => "application/andrew-inset",
".anx" => "application/annodex",
# 5
".atom" => "application/atom+xml",
".atomcat" => "application/atomcat+xml",
".atomsrv" => "application/atomserv+xml",
".lin" => "application/bbolin",
".cu" => "application/cu-seeme",
# 10
".davmount" => "application/davmount+xml",
".dcm" => "application/dicom",
".tsp" => "application/dsptype",
".es" => "application/ecmascript",
".epub" => "application/epub+zip",
# 15
".pfr" => "application/font-tdpfr",
".spl" => "application/futuresplash",
".gz" => "application/gzip",
".hta" => "application/hta",
".jar" => "application/java-archive",
# 20
".ser" => "application/java-serialized-object",
".class" => "application/java-vm",
".js" => "application/javascript",
".mjs" => "application/javascript",
".json" => "application/json",
# 25
".jsonld" => "application/ld+json",
".m3g" => "application/m3g",
".hqx" => "application/mac-binhex40",
".cpt" => "application/mac-compactpro",
".nb" => "application/mathematica",
# 30
".nbp" => "application/mathematica",
".mbox" => "application/mbox",
".mdb" => "application/msaccess",
".doc" => "application/msword",
".dot" => "application/msword",
# 35
".mxf" => "application/mxf",
".asn" => "application/octet-stream",
".bin" => "application/octet-stream",
".deploy" => "application/octet-stream",
".ent" => "application/octet-stream",
# 40
".msp" => "application/octet-stream",
".msu" => "application/octet-stream",
".oda" => "application/oda",
".opf" => "application/oebps-package+xml",
".ogx" => "application/ogg",
# 45
".one" => "application/onenote",
".onepkg" => "application/onenote",
".onetmp" => "application/onenote",
".onetoc2" => "application/onenote",
".pdf" => "application/pdf",
# 50
".pgp" => "application/pgp-encrypted",
".key" => "application/pgp-keys",
".sig" => "application/pgp-signature",
".prf" => "application/pics-rules",
".ai" => "application/postscript",
# 55
".eps" => "application/postscript",
".eps2" => "application/postscript",
".eps3" => "application/postscript",
".epsf" => "application/postscript",
".epsi" => "application/postscript",
# 60
".ps" => "application/postscript",
".rar" => "application/rar",
".rdf" => "application/rdf+xml",
".rtf" => "application/rtf",
".stl" => "application/sla",
# 65
".smi" => "application/smil+xml",
".smil" => "application/smil+xml",
".wasm" => "application/wasm",
".xht" => "application/xhtml+xml",
".xhtml" => "application/xhtml+xml",
# 70
".xml" => "application/xml",
".xsd" => "application/xml",
".dtd" => "application/xml-dtd",
".xsl" => "application/xslt+xml",
".xslt" => "application/xslt+xml",
# 75
".xspf" => "application/xspf+xml",
".zip" => "application/zip",
".apk" => "application/vnd.android.package-archive",
".cdy" => "application/vnd.cinderella",
".ddeb" => "application/vnd.debian.binary-package",
# 80
".deb" => "application/vnd.debian.binary-package",
".udeb" => "application/vnd.debian.binary-package",
".sfd" => "application/vnd.font-fontforge-sfd",
".kml" => "application/vnd.google-earth.kml+xml",
".kmz" => "application/vnd.google-earth.kmz",
# 85
".xul" => "application/vnd.mozilla.xul+xml",
".xlb" => "application/vnd.ms-excel",
".xls" => "application/vnd.ms-excel",
".xlt" => "application/vnd.ms-excel",
".xlam" => "application/vnd.ms-excel.addin.macroEnabled.12",
# 90
".xlsb" => "application/vnd.ms-excel.sheet.binary.macroEnabled.12",
".xlsm" => "application/vnd.ms-excel.sheet.macroEnabled.12",
".xltm" => "application/vnd.ms-excel.template.macroEnabled.12",
".eot" => "application/vnd.ms-fontobject",
".thmx" => "application/vnd.ms-officetheme",
# 95
".cat" => "application/vnd.ms-pki.seccat",
".pps" => "application/vnd.ms-powerpoint",
".ppt" => "application/vnd.ms-powerpoint",
".ppam" => "application/vnd.ms-powerpoint.addin.macroEnabled.12",
".pptm" => "application/vnd.ms-powerpoint.presentation.macroEnabled.12",
# 100
".sldm" => "application/vnd.ms-powerpoint.slide.macroEnabled.12",
".ppsm" => "application/vnd.ms-powerpoint.slideshow.macroEnabled.12",
".potm" => "application/vnd.ms-powerpoint.template.macroEnabled.12",
".docm" => "application/vnd.ms-word.document.macroEnabled.12",
".dotm" => "application/vnd.ms-word.template.macroEnabled.12",
# 105
".odc" => "application/vnd.oasis.opendocument.chart",
".odb" => "application/vnd.oasis.opendocument.database",
".odf" => "application/vnd.oasis.opendocument.formula",
".odg" => "application/vnd.oasis.opendocument.graphics",
".otg" => "application/vnd.oasis.opendocument.graphics-template",
# 110
".odi" => "application/vnd.oasis.opendocument.image",
".odp" => "application/vnd.oasis.opendocument.presentation",
".otp" => "application/vnd.oasis.opendocument.presentation-template",
".ods" => "application/vnd.oasis.opendocument.spreadsheet",
".ots" => "application/vnd.oasis.opendocument.spreadsheet-template",
# 115
".odt" => "application/vnd.oasis.opendocument.text",
".odm" => "application/vnd.oasis.opendocument.text-master",
".ott" => "application/vnd.oasis.opendocument.text-template",
".oth" => "application/vnd.oasis.opendocument.text-web",
".pptx" => "application/vnd.openxmlformats-officedocument.presentationml.presentation",
# 120
".sldx" => "application/vnd.openxmlformats-officedocument.presentationml.slide",
".ppsx" => "application/vnd.openxmlformats-officedocument.presentationml.slideshow",
".potx" => "application/vnd.openxmlformats-officedocument.presentationml.template",
".xlsx" => "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
".xltx" => "application/vnd.openxmlformats-officedocument.spreadsheetml.template",
# 125
".docx" => "application/vnd.openxmlformats-officedocument.wordprocessingml.document",
".dotx" => "application/vnd.openxmlformats-officedocument.wordprocessingml.template",
".cod" => "application/vnd.rim.cod",
".mmf" => "application/vnd.smaf",
".sdc" => "application/vnd.stardivision.calc",
# 130
".sds" => "application/vnd.stardivision.chart",
".sda" => "application/vnd.stardivision.draw",
".sdd" => "application/vnd.stardivision.impress",
".sdf" => "application/vnd.stardivision.math",
".sdw" => "application/vnd.stardivision.writer",
# 135
".sgl" => "application/vnd.stardivision.writer-global",
".sxc" => "application/vnd.sun.xml.calc",
".stc" => "application/vnd.sun.xml.calc.template",
".sxd" => "application/vnd.sun.xml.draw",
".std" => "application/vnd.sun.xml.draw.template",
# 140
".sxi" => "application/vnd.sun.xml.impress",
".sti" => "application/vnd.sun.xml.impress.template",
".sxm" => "application/vnd.sun.xml.math",
".sxw" => "application/vnd.sun.xml.writer",
".sxg" => "application/vnd.sun.xml.writer.global",
# 145
".stw" => "application/vnd.sun.xml.writer.template",
".sis" => "application/vnd.symbian.install",
".cap" => "application/vnd.tcpdump.pcap",
".pcap" => "application/vnd.tcpdump.pcap",
".vsd" => "application/vnd.visio",
# 150
".vss" => "application/vnd.visio",
".vst" => "application/vnd.visio",
".vsw" => "application/vnd.visio",
".wbxml" => "application/vnd.wap.wbxml",
".wmlc" => "application/vnd.wap.wmlc",
# 155
".wmlsc" => "application/vnd.wap.wmlscriptc",
".wpd" => "application/vnd.wordperfect",
".wp5" => "application/vnd.wordperfect5.1",
".wk" => "application/x-123",
".7z" => "application/x-7z-compressed",
# 160
".abw" => "application/x-abiword",
".dmg" => "application/x-apple-diskimage",
".bcpio" => "application/x-bcpio",
".torrent" => "application/x-bittorrent",
".bz2" => "application/x-bzip",
# 165
".cab" => "application/x-cab",
".cbr" => "application/x-cbr",
".cbz" => "application/x-cbz",
".cda" => "application/x-cdf",
".cdf" => "application/x-cdf",
# 170
".vcd" => "application/x-cdlink",
".pgn" => "application/x-chess-pgn",
".mph" => "application/x-comsol",
".cpio" => "application/x-cpio",
".dcr" => "application/x-director",
# 175
".dir" => "application/x-director",
".dxr" => "application/x-director",
".dms" => "application/x-dms",
".wad" => "application/x-doom",
".dvi" => "application/x-dvi",
# 180
".gsf" => "application/x-font",
".pfa" => "application/x-font",
".pfb" => "application/x-font",
".pcf" => "application/x-font-pcf",
".mm" => "application/x-freemind",
# 185
".gan" => "application/x-ganttproject",
".gnumeric" => "application/x-gnumeric",
".sgf" => "application/x-go-sgf",
".gcf" => "application/x-graphing-calculator",
".gtar" => "application/x-gtar",
# 190
".taz" => "application/x-gtar-compressed",
".tbz" => "application/x-gtar-compressed",
".tgz" => "application/x-gtar-compressed",
".hdf" => "application/x-hdf",
".hwp" => "application/x-hwp",
# 195
".ica" => "application/x-ica",
".info" => "application/x-info",
".ins" => "application/x-internet-signup",
".isp" => "application/x-internet-signup",
".iii" => "application/x-iphone",
# 200
".iso" => "application/x-iso9660-image",
".jam" => "application/x-jam",
".jnlp" => "application/x-java-jnlp-file",
".jmz" => "application/x-jmol",
".chrt" => "application/x-kchart",
# 205
".kil" => "application/x-killustrator",
".skd" => "application/x-koan",
".skm" => "application/x-koan",
".skp" => "application/x-koan",
".skt" => "application/x-koan",
# 210
".kpr" => "application/x-kpresenter",
".kpt" => "application/x-kpresenter",
".ksp" => "application/x-kspread",
".kwd" => "application/x-kword",
".kwt" => "application/x-kword",
# 215
".latex" => "application/x-latex",
".lha" => "application/x-lha",
".lyx" => "application/x-lyx",
".lzh" => "application/x-lzh",
".lzx" => "application/x-lzx",
# 220
".book" => "application/x-maker",
".fb" => "application/x-maker",
".fbdoc" => "application/x-maker",
".fm" => "application/x-maker",
".frame" => "application/x-maker",
# 225
".frm" => "application/x-maker",
".maker" => "application/x-maker",
".mif" => "application/x-mif",
".m3u8" => "application/x-mpegURL",
".application" => "application/x-ms-application",
# 230
".manifest" => "application/x-ms-manifest",
".wmd" => "application/x-ms-wmd",
".wmz" => "application/x-ms-wmz",
".bat" => "application/x-msdos-program",
".com" => "application/x-msdos-program",
# 235
".dll" => "application/x-msdos-program",
".exe" => "application/x-msdos-program",
".msi" => "application/x-msi",
".nc" => "application/x-netcdf",
".pac" => "application/x-ns-proxy-autoconfig",
# 240
".nwc" => "application/x-nwc",
".o" => "application/x-object",
".oza" => "application/x-oz-application",
".p7r" => "application/x-pkcs7-certreqresp",
".crl" => "application/x-pkcs7-crl",
# 245
".pyc" => "application/x-python-code",
".pyo" => "application/x-python-code",
".qgs" => "application/x-qgis",
".shp" => "application/x-qgis",
".shx" => "application/x-qgis",
# 250
".qtl" => "application/x-quicktimeplayer",
".rdp" => "application/x-rdp",
".rpm" => "application/x-redhat-package-manager",
".rss" => "application/x-rss+xml",
".rb" => "application/x-ruby",
# 255
".sce" => "application/x-scilab",
".sci" => "application/x-scilab",
".xcos" => "application/x-scilab-xcos",
".shar" => "application/x-shar",
".swf" => "application/x-shockwave-flash",
# 260
".swfl" => "application/x-shockwave-flash",
".scr" => "application/x-silverlight",
".sql" => "application/x-sql",
".sit" => "application/x-stuffit",
".sitx" => "application/x-stuffit",
# 265
".sv4cpio" => "application/x-sv4cpio",
".sv4crc" => "application/x-sv4crc",
".tar" => "application/x-tar",
".gf" => "application/x-tex-gf",
".pk" => "application/x-tex-pk",
# 270
".texi" => "application/x-texinfo",
".texinfo" => "application/x-texinfo",
".roff" => "application/x-troff",
".t" => "application/x-troff",
".tr" => "application/x-troff",
# 275
".man" => "application/x-troff-man",
".me" => "application/x-troff-me",
".ms" => "application/x-troff-ms",
".ustar" => "application/x-ustar",
".src" => "application/x-wais-source",
# 280
".wz" => "application/x-wingz",
".crt" => "application/x-x509-ca-cert",
".xcf" => "application/x-xcf",
".fig" => "application/x-xfig",
".xpi" => "application/x-xpinstall",
# 285
".xz" => "application/x-xz",
".amr" => "audio/amr",
".awb" => "audio/amr-wb",
".axa" => "audio/annodex",
".au" => "audio/basic",
# 290
".snd" => "audio/basic",
".csd" => "audio/csound",
".orc" => "audio/csound",
".sco" => "audio/csound",
".flac" => "audio/flac",
# 295
".kar" => "audio/midi",
".mid" => "audio/midi",
".midi" => "audio/midi",
".m4a" => "audio/mpeg",
".mp2" => "audio/mpeg",
# 300
".mp3" => "audio/mpeg",
".mpega" => "audio/mpeg",
".mpga" => "audio/mpeg",
".m3u" => "audio/mpegurl",
".oga" => "audio/ogg",
# 305
".ogg" => "audio/ogg",
".opus" => "audio/ogg",
".spx" => "audio/ogg",
".sid" => "audio/prs.sid",
".aif" => "audio/x-aiff",
# 310
".aifc" => "audio/x-aiff",
".aiff" => "audio/x-aiff",
".gsm" => "audio/x-gsm",
".wax" => "audio/x-ms-wax",
".wma" => "audio/x-ms-wma",
# 315
".ra" => "audio/x-realaudio",
".ram" => "audio/x-realaudio",
".rm" => "audio/x-realaudio",
".pls" => "audio/x-scpls",
".sd2" => "audio/x-sd2",
# 320
".wav" => "audio/x-wav",
".alc" => "chemical/x-alchemy",
".cac" => "chemical/x-cache",
".cache" => "chemical/x-cache",
".csf" => "chemical/x-cache-csf",
# 325
".cascii" => "chemical/x-cactvs-binary",
".cbin" => "chemical/x-cactvs-binary",
".ctab" => "chemical/x-cactvs-binary",
".cdx" => "chemical/x-cdx",
".cer" => "chemical/x-cerius",
# 330
".c3d" => "chemical/x-chem3d",
".chm" => "chemical/x-chemdraw",
".cif" => "chemical/x-cif",
".cmdf" => "chemical/x-cmdf",
".cml" => "chemical/x-cml",
# 335
".cpa" => "chemical/x-compass",
".bsd" => "chemical/x-crossfire",
".csm" => "chemical/x-csml",
".csml" => "chemical/x-csml",
".ctx" => "chemical/x-ctx",
# 340
".cef" => "chemical/x-cxf",
".cxf" => "chemical/x-cxf",
".emb" => "chemical/x-embl-dl-nucleotide",
".embl" => "chemical/x-embl-dl-nucleotide",
".spc" => "chemical/x-galactic-spc",
# 345
".gam" => "chemical/x-gamess-input",
".gamin" => "chemical/x-gamess-input",
".inp" => "chemical/x-gamess-input",
".fch" => "chemical/x-gaussian-checkpoint",
".fchk" => "chemical/x-gaussian-checkpoint",
# 350
".cub" => "chemical/x-gaussian-cube",
".gau" => "chemical/x-gaussian-input",
".gjc" => "chemical/x-gaussian-input",
".gjf" => "chemical/x-gaussian-input",
".gal" => "chemical/x-gaussian-log",
# 355
".gcg" => "chemical/x-gcg8-sequence",
".gen" => "chemical/x-genbank",
".hin" => "chemical/x-hin",
".ist" => "chemical/x-isostar",
".istr" => "chemical/x-isostar",
# 360
".dx" => "chemical/x-jcamp-dx",
".jdx" => "chemical/x-jcamp-dx",
".kin" => "chemical/x-kinemage",
".mcm" => "chemical/x-macmolecule",
".mmd" => "chemical/x-macromodel-input",
# 365
".mmod" => "chemical/x-macromodel-input",
".mol" => "chemical/x-mdl-molfile",
".rd" => "chemical/x-mdl-rdfile",
".rxn" => "chemical/x-mdl-rxnfile",
".sd" => "chemical/x-mdl-sdfile",
# 370
".tgf" => "chemical/x-mdl-tgf",
".mcif" => "chemical/x-mmcif",
".mol2" => "chemical/x-mol2",
".b" => "chemical/x-molconn-Z",
".gpt" => "chemical/x-mopac-graph",
# 375
".mop" => "chemical/x-mopac-input",
".mopcrt" => "chemical/x-mopac-input",
".mpc" => "chemical/x-mopac-input",
".zmt" => "chemical/x-mopac-input",
".moo" => "chemical/x-mopac-out",
# 380
".mvb" => "chemical/x-mopac-vib",
".prt" => "chemical/x-ncbi-asn1-ascii",
".aso" => "chemical/x-ncbi-asn1-binary",
".val" => "chemical/x-ncbi-asn1-binary",
".pdb" => "chemical/x-pdb",
# 385
".ros" => "chemical/x-rosdal",
".sw" => "chemical/x-swissprot",
".vms" => "chemical/x-vamas-iso14976",
".vmd" => "chemical/x-vmd",
".xtel" => "chemical/x-xtel",
# 390
".xyz" => "chemical/x-xyz",
".ttc" => "font/collection",
".otf" => "font/ttf",
".ttf" => "font/ttf",
".woff" => "font/woff",
# 395
".woff2" => "font/woff2",
".gif" => "image/gif",
".ief" => "image/ief",
".jp2" => "image/jp2",
".jpg2" => "image/jp2",
# 400
".jpe" => "image/jpeg",
".jpeg" => "image/jpeg",
".jpg" => "image/jpeg",
".jpm" => "image/jpm",
".jpf" => "image/jpx",
# 405
".jpx" => "image/jpx",
".pcx" => "image/pcx",
".png" => "image/png",
".svg" => "image/svg+xml",
".svgz" => "image/svg+xml",
# 410
".tif" => "image/tiff",
".tiff" => "image/tiff",
".djv" => "image/vnd.djvu",
".djvu" => "image/vnd.djvu",
".ico" => "image/vnd.microsoft.icon",
# 415
".wbmp" => "image/vnd.wap.wbmp",
".cr2" => "image/x-canon-cr2",
".crw" => "image/x-canon-crw",
".ras" => "image/x-cmu-raster",
".cdr" => "image/x-coreldraw",
# 420
".pat" => "image/x-coreldrawpattern",
".cdt" => "image/x-coreldrawtemplate",
".erf" => "image/x-epson-erf",
".art" => "image/x-jg",
".jng" => "image/x-jng",
# 425
".bmp" => "image/x-ms-bmp",
".nef" => "image/x-nikon-nef",
".orf" => "image/x-olympus-orf",
".psd" => "image/x-photoshop",
".pnm" => "image/x-portable-anymap",
# 430
".pbm" => "image/x-portable-bitmap",
".pgm" => "image/x-portable-graymap",
".ppm" => "image/x-portable-pixmap",
".rgb" => "image/x-rgb",
".xbm" => "image/x-xbitmap",
# 435
".xpm" => "image/x-xpixmap",
".xwd" => "image/x-xwindowdump",
".eml" => "message/rfc822",
".iges" => "model/iges",
".igs" => "model/iges",
# 440
".mesh" => "model/mesh",
".msh" => "model/mesh",
".silo" => "model/mesh",
".vrml" => "model/vrml",
".wrl" => "model/vrml",
# 445
".x3db" => "model/x3d+binary",
".x3dv" => "model/x3d+vrml",
".x3d" => "model/x3d+xml",
".appcache" => "text/cache-manifest",
".ics" => "text/calendar",
# 450
".icz" => "text/calendar",
".css" => "text/css; charset=utf-8",
".csv" => "text/csv; charset=utf-8",
".323" => "text/h323",
".htm" => "text/html",
# 455
".html" => "text/html",
".shtml" => "text/html",
".uls" => "text/iuls",
".markdown" => "text/markdown; charset=utf-8",
".md" => "text/markdown; charset=utf-8",
# 460
".mml" => "text/mathml",
".asc" => "text/plain; charset=utf-8",
".brf" => "text/plain; charset=utf-8",
".conf" => "text/plain; charset=utf-8",
".log" => "text/plain; charset=utf-8",
# 465
".pot" => "text/plain; charset=utf-8",
".spec" => "text/plain; charset=utf-8",
".srt" => "text/plain; charset=utf-8",
".text" => "text/plain; charset=utf-8",
".txt" => "text/plain; charset=utf-8",
# 470
".rtx" => "text/richtext",
".sct" => "text/scriptlet",
".wsc" => "text/scriptlet",
".tsv" => "text/tab-separated-values",
".tm" => "text/texmacs",
# 475
".ttl" => "text/turtle",
".vcard" => "text/vcard",
".vcf" => "text/vcard",
".jad" => "text/vnd.sun.j2me.app-descriptor",
".wml" => "text/vnd.wap.wml",
# 480
".wmls" => "text/vnd.wap.wmlscript",
".bib" => "text/x-bibtex; charset=utf-8",
".boo" => "text/x-boo; charset=utf-8",
".h++" => "text/x-c++hdr; charset=utf-8",
".hh" => "text/x-c++hdr; charset=utf-8",
# 485
".hpp" => "text/x-c++hdr; charset=utf-8",
".hxx" => "text/x-c++hdr; charset=utf-8",
".c++" => "text/x-c++src; charset=utf-8",
".cc" => "text/x-c++src; charset=utf-8",
".cpp" => "text/x-c++src; charset=utf-8",
# 490
".cxx" => "text/x-c++src; charset=utf-8",
".h" => "text/x-chdr; charset=utf-8",
".htc" => "text/x-component",
".csh" => "text/x-csh; charset=utf-8",
".c" => "text/x-csrc; charset=utf-8",
# 495
".diff" => "text/x-diff; charset=utf-8",
".patch" => "text/x-diff; charset=utf-8",
".d" => "text/x-dsrc; charset=utf-8",
".hs" => "text/x-haskell; charset=utf-8",
".java" => "text/x-java; charset=utf-8",
# 500
".ly" => "text/x-lilypond; charset=utf-8",
".lhs" => "text/x-literate-haskell; charset=utf-8",
".moc" => "text/x-moc; charset=utf-8",
".p" => "text/x-pascal; charset=utf-8",
".pas" => "text/x-pascal; charset=utf-8",
# 505
".gcd" => "text/x-pcs-gcd",
".pl" => "text/x-perl; charset=utf-8",
".pm" => "text/x-perl; charset=utf-8",
".py" => "text/x-python; charset=utf-8",
".scala" => "text/x-scala; charset=utf-8",
# 510
".etx" => "text/x-setext",
".sfv" => "text/x-sfv",
".sh" => "text/x-sh; charset=utf-8",
".tcl" => "text/x-tcl; charset=utf-8",
".tk" => "text/x-tcl; charset=utf-8",
# 515
".cls" => "text/x-tex; charset=utf-8",
".ltx" => "text/x-tex; charset=utf-8",
".sty" => "text/x-tex; charset=utf-8",
".tex" => "text/x-tex; charset=utf-8",
".vcs" => "text/x-vcalendar",
# 520
".3gp" => "video/3gpp",
".ts" => "video/MP2T",
".axv" => "video/annodex",
".dl" => "video/dl",
".dif" => "video/dv",
# 525
".dv" => "video/dv",
".fli" => "video/fli",
".gl" => "video/gl",
".mp4" => "video/mp4",
".mpe" => "video/mpeg",
# 530
".mpeg" => "video/mpeg",
".mpg" => "video/mpeg",
".ogv" => "video/ogg",
".mov" => "video/quicktime",
".qt" => "video/quicktime",
# 535
".webm" => "video/webm",
".mxu" => "video/vnd.mpegurl",
".flv" => "video/x-flv",
".lsf" => "video/x-la-asf",
".lsx" => "video/x-la-asf",
# 540
".mkv" => "video/x-matroska",
".mpv" => "video/x-matroska",
".mng" => "video/x-mng",
".asf" => "video/x-ms-asf",
".asx" => "video/x-ms-asf",
# 545
".wm" => "video/x-ms-wm",
".wmv" => "video/x-ms-wmv",
".wmx" => "video/x-ms-wmx",
".wvx" => "video/x-ms-wvx",
".avi" => "video/x-msvideo",
# 550
".movie" => "video/x-sgi-movie",
".ice" => "x-conference/x-cooltalk",
".sisx" => "x-epoc/x-sisx-app",
".vrm" => "x-world/x-vrml",
"README" => "text/plain; charset=utf-8",
# 555
"Makefile" => "text/x-makefile; charset=utf-8",
"" => "application/octet-stream",
# 557
)
server.document-root = "/home/web/public_html"
server.upload-dirs = ("/var/cache/lighttpd/uploads")
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/var/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
userdir.path = "public_html"
userdir.include-user = ("tygris")
index-file.names = ("index.php", "index.html", "index.lighttpd.html")
url.access-deny = ("~", ".inc")
static-file.exclude-extensions = (".php", ".pl", ".fcgi")
compress.cache-dir = "/var/cache/lighttpd/compress/"
compress.filetype = ("application/javascript", "text/css", "text/html", "text/plain")
server.modules = (
"mod_access",
"mod_alias",
"mod_compress",
"mod_redirect",
"mod_accesslog",
"mod_userdir",
"mod_setenv",
"mod_openssl",
"mod_fastcgi",
# 9
)
fastcgi.server = (
".php" => (
(
"socket" => "/var/run/php/php7.4-fpm.sock",
"broken-scriptfilename" => "enable",
# 2
),
),
)
alias.url = (
"/javascript" => "/usr/share/javascript",
)
$SERVER["socket"] == ":443" {
# block 1
ssl.engine = "enable"
ssl.pemfile = "/etc/ssl/redwolf.ws/combined.pem"
ssl.ca-file = "/etc/ssl/redwolf.ws/fullchain.pem"
} # end of $SERVER["socket"] == ":443"
$HTTP["host"] == "www.redwolf.ws" {
# block 2
url.redirect = (
"^/(.*)" => "https://redwolf.ws/$1",
)
} # end of $HTTP["host"] == "www.redwolf.ws"
$HTTP["host"] == "secure.redwolf.ws" {
# block 3
server.document-root = "/home/web-secure/public_html"
accesslog.filename = "/var/log/lighttpd/redwolf-secure-access.log"
} # end of $HTTP["host"] == "secure.redwolf.ws"
$HTTP["host"] == "throng.band" {
# block 4
server.document-root = "/home/web-throng/public_html"
accesslog.filename = "/var/log/lighttpd/throng-access.log"
ssl.pemfile = "/etc/ssl/throng.band/combined.pem"
ssl.ca-file = "/etc/ssl/throng.band/fullchain.pem"
setenv.add-response-header = (
"X-Clacks-Overhead" => "GNU Terry Pratchett, Stephen Hawking, Linda M Price",
)
} # end of $HTTP["host"] == "throng.band"
$HTTP["host"] =~ "conjoined\.redwolf\.ws" {
# block 5
server.document-root = "/home/docmerc/public_html"
accesslog.filename = "/var/log/lighttpd/docmerc-access.log"
} # end of $HTTP["host"] =~ "conjoined\.redwolf\.ws"
$HTTP["host"] =~ "(www\.)?graywolfservices\.com" {
# block 6
server.document-root = "/home/kusanagisama/public_html"
accesslog.filename = "/var/log/lighttpd/kusanagisa-access.log"
} # end of $HTTP["host"] =~ "(www\.)?graywolfservices\.com"
$HTTP["host"] =~ "graywolfsvc\.redwolf\.ws" {
# block 7
server.document-root = "/home/kusanagisama/public_html"
accesslog.filename = "/var/log/lighttpd/kusanagisa-access.log"
} # end of $HTTP["host"] =~ "graywolfsvc\.redwolf\.ws"
}
Clients tested: Firefox, Chrome, openssl (command line below)
Mind me, this is frustrating. I just renewed my Let's Encrypt SSL certificates (long story), and now...
https://redwolf.ws -- works.
https://throng.band -- broken, send back *.redwolf.ws certificate even though it has a throng.band certificate.
I've read through the Docs_SSL document on configuring SSL via SNI. I followed the example... and that didn't work. I moved the $HTTP["host"] "throng.band" sections to inside $SERVER["socket"] ":443" {} and that didn't work ether. I've Googled for answers and this forum and as much as I try a lot of the configurations... it's not working.
What am I missing here?
Replies (2)
RE: Lighttpd v1.4.55 SSL w/SNI, multiple domains, only one SSL cert sent. - Added by gstrauss 4 months ago
openssl (command line below)
missing from post
I just renewed my Let's Encrypt SSL certificates (long story), and now...
Let's Encrypt certificates have a lifetime of 3 months.
Did this work 3 months ago?
What changed in the lighttpd.conf since it last worked?
Did you change the targets used by ssl.pemfile and ssl.ca-file, or did you merely update the contents of those files when you updated the Let's Encrypt certificates?
What else changed on your system?
If things worked 3 months ago and nothing else changed other than the certificates, then lighttpd 1.4.55 should return the correct certificate, just as it did with the old certificates.
(That said, changes in the certificates can have independent effects if your TLS clients are ancient since root certificates and certificate chains may have changed.)
Have you triple-checked that you restarted lighttpd since updating the certificates and that lighttpd is reading the lighttpd.conf files you have modified?
Have you tested your config with lighttpd -f /etc/lighttpd/lighttpd.conf -tt
Have you checked the lighttpd error log?
Did you mess up when updating your Let's Encrypt certificates? Perhaps /etc/ssl/throng.band/combined.pem is a copy of /etc/ssl/redwolf.ws/combined.pem and contains the certificate for *.redwolf.ws
What am I missing here?
Ubuntu is not well maintained. Canonical considers "do nothing" to be "maintenance" of anything not on the testing branch for a future release.
lighttpd 1.4.55 was released Jan 2020, 4 years ago.
Please recognize that you're asking for help with a version of software released 4 years ago because your distro of choice (Ubuntu) is poorly "maintained". (Almost nothing changes on older Ubuntu releases unless there is a security exploit.)
Ubuntu Focal Fossa appears to provide openssl 1.1.1f. openssl 1.1.1 has reached end-of-life and is no longer receiving security updates from the OpenSSL Foundation. ICYMI: this is noted in lighttpd TLS docs: Stay Secure
The latest lighttpd release is lighttpd 1.4.73, released Oct 2023. That is eighteen (18) production releases of lighttpd since lighttpd 1.4.55. In Sep 2021, the Let's Encrypt root certificate expired and there was a multi-year migration leading up to the expiration. I don't expect you to be aware of that, but mention it in the context of your system not being well-maintained. lighttpd 1.4.56 supported this change almost a year earlier in Nov 2020. You're not running lighttpd 1.4.56; your poorly "maintained" Ubuntu 20.04 does not have lighttpd 1.4.56 multiple years later.
lighttpd TLS docs instructs to put the certificate chain into ssl.pemfile. It does not appear that you are doing so above, as you are still using ssl.ca-file.
lighttpd TLS docs: Chained certificates notes that openssl (mis-)use of ssl.ca-file to complete certificates chains is a misfeature, yet, as above, you are still using ssl.ca-file. Did you overlook all that in the documentation?
lighttpd 1.4.56 was released Nov 2020, over 3 years ago, and migrated away from ancient openssl interfaces before openssl 1.0.2. lighttpd 1.4.56 added support for ssl.pemfile to have full certificate chains in ssl.pemfile when ssl.pemfile is in $HTTP["host"] blocks. Before lighttpd 1.4.56, the full certificate chain was only read from ssl.pemfile if in $SERVER["socket"] blocks, since ancient openssl 1.0.1 interfaces were used. Again, this was enhanced in lighttpd 1.4.56, released over 3 years ago. If you're still using lighttpd 1.4.55, you'll have to specify ssl.ca-file for certificate chains to be resolved for ssl.pemfile in $HTTP["host"] blocks, but each ssl.pemfile should also always contain the certificate and any intermediate certificate chain up to the root certificate.
RE: Lighttpd v1.4.55 SSL w/SNI, multiple domains, only one SSL cert sent. - Added by STrRedWolf 4 months ago
... guess it was time I upgraded to Ubuntu Server 22.04...
upgrades
struggles with even basic functionality
finds Apache got installed even though he removed it ages ago
nukes Apache off the server
restarts lighttpd
main page back
pulls old config back over
reloads lighttpd
everything works
Okay, this is solved. I'm off to file a bug with Ubuntu over their distro-version upgrade process...