Lighttpd

If it matters, I am using a recent version of Ubuntu 64-bit.

I am trying to follow the instructions given here:

https://aboutssl.org/install-ssl-certificate-on-lighttpd-server/

As instructed, I added the following to the /etc/lighttpd/lighttpd.conf file:

$SERVER[“socket”] == “mydomain.com:443” {
ssl.engine = “enable”
ssl.pemfile = “/etc/lighttpd/ssl/mydomain.com/mydomain_com.pem”
ssl.ca-file = “/etc/lighttpd/ssl/mydomain.com/intermediate.crt”
server.name = “www.mydomain.com”
## server.document-root = “/home/lighttpd/mydomain.com/https”
server.document-root = “/var/www/html/moodle”
server.errorlog = “/var/log/lighttpd/mydomain.com/serror.log”
accesslog.filename = “/var/log/lighttpd/mydomain.com/saccess.log”
}

Some things to note:
- For server name I used “www.mydomain.com” not “mydomain.com” because that is the server name, not just the domain name.
- The cert files are in “/etc/lighttpd/ssl/" not “/etc/lighttpd/" just neater.
- I am having some trouble understanding server.document-root. In the same file it is set as "/var/www/html" for port 80. My understanding is: I am supposed to leave that alone. But, I suppose, I need a different document root for port 443. Since I setting up for moodle, I used "/var/www/html/moodle". I don't see why that should be a problem.

As instructed, I have the following files in my /etc/lighttpd/ssl/mydomain.com/ directory:
mydomain_com.pem
intermediate.crt

The files were created as instructed.

The log messages do not tell me anything useful.

# service lighttpd start
Job for lighttpd.service failed because the control process exited with error code.
See "systemctl status lighttpd.service" and "journalctl -xe" for details.

# systemctl status lighttpd.service
● lighttpd.service - Lighttpd Daemon
     Loaded: loaded (/lib/systemd/system/lighttpd.service; enabled; vendor preset: enabled)
     Active: failed (Result: exit-code) since Sun 2020-12-20 22:57:43 CET; 1min 1s ago
    Process: 209351 ExecStartPre=/usr/sbin/lighttpd -tt -f /etc/lighttpd/lighttpd.conf (code=exited, status=255/EXCEPTION)

Dec 20 22:57:43 www systemd[1]: lighttpd.service: Scheduled restart job, restart counter is at 5.
Dec 20 22:57:43 www systemd[1]: Stopped Lighttpd Daemon.
Dec 20 22:57:43 www systemd[1]: lighttpd.service: Start request repeated too quickly.
Dec 20 22:57:43 www systemd[1]: lighttpd.service: Failed with result 'exit-code'.
Dec 20 22:57:43 www systemd[1]: Failed to start Lighttpd Daemon.

# journalctl -xe
-- Subject: A start job for unit lighttpd.service has failed
-- Defined-By: systemd
-- Support: http://www.ubuntu.com/support
-- 
-- A start job for unit lighttpd.service has finished with a failure.
-- 
-- The job identifier is 80584 and the job result is failed.

Here is the full /etc/lighttpd/lighttpd.conf file:

server.modules = (
        "mod_indexfile",
        "mod_access",
        "mod_alias",
        "mod_redirect",
)

server.document-root        = "/var/www/html" 
server.upload-dirs          = ( "/var/cache/lighttpd/uploads" )
server.errorlog             = "/var/log/lighttpd/error.log" 
server.pid-file             = "/run/lighttpd.pid" 
server.username             = "www-data" 
server.groupname            = "www-data" 
server.port                 = 80

# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable" 
#  if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
  "header-strict"           => "enable",# default
  "host-strict"             => "enable",# default
  "host-normalize"          => "enable",# default
  "url-normalize-unreserved"=> "enable",# recommended highly
  "url-normalize-required"  => "enable",# recommended
  "url-ctrls-reject"        => "enable",# recommended
  "url-path-2f-decode"      => "enable",# recommended highly (unless breaks app)
 #"url-path-2f-reject"      => "enable",
  "url-path-dotseg-remove"  => "enable",# recommended highly (unless breaks app)
 #"url-path-dotseg-reject"  => "enable",
 #"url-query-20-plus"       => "enable",# consistency in query string
)

index-file.names            = ( "index.php", "index.html" )
url.access-deny             = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )

compress.cache-dir          = "/var/cache/lighttpd/compress/" 
compress.filetype           = ( "application/javascript", "text/css", "text/html", "text/plain" )

# default listening port for IPv6 falls back to the IPv4 port
## Use ipv6 if available
#include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl" 
include "/etc/lighttpd/conf-enabled/*.conf" 

#server.compat-module-load   = "disable" 
server.modules += (
        "mod_compress",
        "mod_dirlisting",
        "mod_staticfile",
)

$SERVER[“socket”] == “mydomain.com:443” {
ssl.engine = “enable”
ssl.pemfile = “/etc/lighttpd/ssl/mydomain.com/mydomain_com.pem”
ssl.ca-file = “/etc/lighttpd/ssl/mydomain.com/intermediate.crt”
server.name = “www.mydomain.com”
## server.document-root = “/home/lighttpd/mydomain.com/https”
server.document-root = “/var/www/html/moodle”
server.errorlog = “/var/log/lighttpd/mydomain.com/serror.log”
accesslog.filename = “/var/log/lighttpd/mydomain.com/saccess.log”
}