[Solved] ssl setup
Added by Usodimare 13 days ago
I am trying to set up ssl in lighttpd.
RADXA E25 (Rockchip RK3568)
- OS Armbian Linux 6.12.19-current-rockchip (Ubuntu server 24.04)
- lighttpd version: 1.4.74 (ssl)
- OpenSSL version: 3.0.13 (pre-installed)
- web client: Firefox 136.0.1
for <mydomain> I have got the letsencrypt certificate:
- /etc/letsencrypt/live/ <mydomain> /fullchain.pem
- /etc/letsencrypt/live/ <mydomain> /privkey.pem
lighttpd.conf (# comments omitted):
Debian lighttpd base configuration
server.modules = (
"mod_indexfile",
"mod_access",
"mod_alias",
"mod_redirect",
)
server.modules += ("mod_openssl")
$SERVER["socket"] == ":443" {
ssl.engine = "enable"
ssl.pemfile = "/etc/letsencrypt/live/ _<mydomain>_ /fullchain.pem"
ssl.privkey = "/etc/letsencrypt/live/ _<mydomain>_ /privkey.pem"
}
server.name = " _<mydomain>_ "
server.document-root = "/var/www/html"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
"url-invalid-utf8-reject" => "enable",# recommended highly (unless breaks app)
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include "/etc/lighttpd/vhosts/*.conf"
I get the following error message:
~$ sudo service lighttpd start
Job for lighttpd.service failed because the control process exited with error code.
See "systemctl status lighttpd.service" and "journalctl -xeu lighttpd.service" for details.
~$ lighttpd -tt -f /etc/lighttpd/lighttpd.conf
2025-03-20 19:40:23: (plugin.c.221) dlopen() failed for: /usr/lib/lighttpd/mod_openssl.so /usr/lib/lighttpd/mod_openssl.so: cannot open shared object file: No such file or directory
2025-03-20 19:40:23: (server.c.1649) loading plugins finally failed
Actually no mod_openssl.so file in /usr/lib/lighttpd:
~$ ls /usr/lib/lighttpd -la
total 1096
drwxr-xr-x 2 root root 4096 Mar 11 17:02 .
drwxr-xr-x 73 root root 4096 Mar 18 18:25 ..
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_accesslog.so
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_ajp13.so
-rw-r--r-- 1 root root 67640 Apr 1 2024 mod_auth.so
-rw-r--r-- 1 root root 67688 Apr 1 2024 mod_authn_file.so
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_cgi.so
-rw-r--r-- 1 root root 67656 Apr 1 2024 mod_dirlisting.so
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_extforward.so
-rw-r--r-- 1 root root 67632 Apr 1 2024 mod_h2.so
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_proxy.so
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_rrdtool.so
-rw-r--r-- 1 root root 67432 Apr 1 2024 mod_sockproxy.so
-rw-r--r-- 1 root root 67640 Apr 1 2024 mod_ssi.so
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_status.so
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_userdir.so
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_vhostdb.so
-rw-r--r-- 1 root root 67592 Apr 1 2024 mod_wstunnel.so
Any suggestion, how to proceed?
Thank You
UsodimareReplies (5)
RE: ssl setup - Added by avij 13 days ago
Did you compile lighttpd by yourself, or did you use a packaged version of lighttpd?
If you compiled lighttpd yourself, see https://git.lighttpd.net/lighttpd/lighttpd1.4/src/branch/master/INSTALL and search for "openssl".
RE: ssl setup - Added by Usodimare 13 days ago
I have used the package form Ubuntu repository ($~ sudo apt-get install lighttpd)
Ubuntu server 24.04
Thank You for the help
Usodimare
RE: ssl setup - Added by gstrauss 13 days ago
https://packages.ubuntu.com/search?keywords=lighttpd
Have you installed the lighttpd-mod-openssl package?
RE: ssl setup - Added by Usodimare 12 days ago
Perfect gstrauss, now it works.
I have been deceived because last lighty release (1.4.74) should have included all packages necessary for ssl implementation
Thank to all You for the help.
Usodimare
RE: ssl setup - Added by gstrauss 12 days ago
I have been deceived because last lighty release (1.4.74) should have included all packages necessary for ssl implementation
lighttpd-mod-openssl has been a separate package since lighttpd 1.4.46, releleased Oct 2017, over 7 years ago, and has been part of Recommends in debian/control since that release. Perhaps you installed lighttpd without including the packages in Recommends. In any case, your issue is of your own making, not someone else's fault. You have been deceived by your own poor, unvalidated assumptions. Please check yourself.