How to Setup SSL Certificate on Lighttpd Server

This guide will discuss how to set up SSL on the Lighttpd server.

How to Setup SSL Certificate on Lighttpd Server

Lighttpd is a free open-source web server built for high-performance environments. It provides low memory and resource requirements compared to other web servers such as Apache and Nginx.

Lighttpd also provides security features such as the ability to execute scripts safely and the support for HTTPS protocols.

SSL provides a secure and encrypted communication channel between the client and the server. SSL traffic is served on port 443.

Step 1 – Install Lighttpd Server

To install the Lighttpd server, update your system and use the APT package manager as shown in the commands below:

sudo apt-get update -y
sudo apt-get install lighttpd -y

Once the installation is complete, start the web server as:

sudo service lighttpd start
sudo service lighttpd status

Step 2 – Create Certificate Signing Request

A certificate signing request, or CSR for short, is a signing message used by the Certificate Authority to generate your SSL certificate. It contains information such as the common name, organization, location, etc.

Start by creating a directory where to store the CSR and key.

sudo mkdir /etc/lighttpd/ssl

Navigate into the directory created.

cd /etc/lighttpd/ssl

The next step is to create a CSR and the public key. In this tutorial, we will use the OpenSSL package.

sudo openssl req -new -newkey rsa:4096 -nodes -keyout domain.local.key -out domain.local.csr

Note: Replace domain.local.key and domain.local with the target domains.

The above command should prompt you to provide information for the CSR as shown in the example:

Step 3 – Create an SSL certificate from CA

Once you have the CSR and the key generated, as shown in the examples above, creating an SSL certificate is next.

You can order a certificate from providers such as DigiCert, GoDaddy or generate a self-signed one with OpenSSL.

Enter the command as shown below to generate a self-signed certificate.

sudo openssl x509 -req -days 365 -in domain.local.csr -signkey domain.local.key -out domain.local.crt

The command above should generate a certificate using the information from the CSR and KEY generated in the previous step.


The next step is to create a file combining the contents of the key and certificate as shown in the command below:

sudo cat domain.local.key domain.local.crt > domain.local.pem

Step 4 – Setup Lighttpd SSL

The next step is to configure Lighttpd for the SSL protocol. We will do this by editing the configuration file.

sudo vim /etc/lighttpd/lighttpd.conf

Enter the configuration as shown below to set up SSL support.

$SERVER["socket"] == ":443" {
     ssl.engine = "enable"
     ssl.pemfile = "/etc/lighttpd/ssl/domain.local.pem" = "domain.local"
     server.document-root = "/var/www/html/"

Next, verify the configuration file and restart the Lighttpd server to apply the changes.

sudo lighttpd -tf /etc/lighttpd/lighttpd.conf

If the command returns “Syntax OK”, proceed to restart the Lighttpd service as:

sudo service lighttpd restart


This article discussed setting up the SSL certificate on your Lighttpd web server using simple steps. It is good to remember that the procedure may vary slightly depending on the distribution where the server is installed.

If you enjoy our content, please consider buying us a coffee to support our work:

Table of Contents
Great! Next, complete checkout for full access to GeekBits.
Welcome back! You've successfully signed in.
You've successfully subscribed to GeekBits.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.