How to setup lighttpd with a self signed ssl cert on debian with multiple host’s using name based virtual hosting.

Now first off let me say I take no responsibility if this works for you or not.

Also please note that this will only use the one self signed cert we’re going to make across all hosts, which is still encryption, just looks funny if your hosting for more then one business, being all the site’s I have on my server are my own, I don’t really care I just wanted some ssl encryption on my logins to my blogs and pages where I don’t want to send data in the clear. So going to will give you the same cert as going to will, but they are still secure.

First off let’s create our self signed certificate. Yes this will throw your browsers into a panic but if you save your exception to the warning permanently (which is fine) you’ll only see it once, plus it’s free ;)

[codesyntax lang="bash" bookmarkname="Generate a self signed pem file"]


This will  then ask you a bunch of questions that you can fill out for yourself, the one that matters is the -> Common Name (eg, YOUR name) []: prompt which is asking for the exact domain name you plan on using (eg. and will create a .pem file in whatever directory your in (so choose a non web accessible folder like /etc/lighttpd/ for it as this is a secret!) the expiration date of the cert file is noted in my example using 3650 which will generate a cert that’s good for 10 years! (hey it’s self signed, do I really want to do this every year?!) Feel free to change it as you see fit.

Now let’s lock that file down with some permissions.

[codesyntax lang="bash" bookmarkname="chpwn that pem file!"]

sudo chown www-data:www-data selfsigned.pem

sudo chmod 600 selfsigned.pem


Now being debian is awesome as well as lighttpd, you can just enter in the command

[codesyntax lang="bash" bookmarkname="bash"]


and it will enable the ssl extention for lighttpd!

now let’s setup lighttpd’s ssl conf.

[codesyntax lang="bash" bookmarkname="edit lighttpd's 10-ssl.conf"]

cd /etc/lighttpd/conf-enabled/
sudo nano 10-ssl.conf


and it should look something like this.

[codesyntax lang="bash" bookmarkname="10-ssl.conf lighttpd ssl setup"]

$SERVER["socket"] == “″ {
ssl.engine                  = “enable”
ssl.pemfile                 = “/etc/lighttpd/selfsigned.pem”
server.document-root = “/var/domain/http” #or wherever you web directory is so it doesnt display just the lighttpd default


now restart lighttpd

[codesyntax lang="bash" bookmarkname="restart lighttpd"]

sudo /etc/init.d/lighttpd force-reload


your lighttpd server should now reboot without any errors you can check the syntax for errors if you want by entering in

[codesyntax lang="bash" bookmarkname="check lighttpd's configuration file for errors"]

sudo lighttpd -t -f /etc/lighttpd/lighttpd.conf


now try your server by viewing a page using https such as and viola you should get that warning in your browser like I was saying and it shoud be just fine after you accept it!

Your Welcome!

7 thoughts on “How to setup lighttpd with a self signed ssl cert on debian with multiple host’s using name based virtual hosting.”

  1. Pingback: Erics Blog
  2. running Google Chrome 15.0.874.121 Google Chrome 15.0.874.121 on Mac OS X 10.7.2 Mac OS X 10.7.2
    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.2 (KHTML, like Gecko) Chrome/15.0.874.121 Safari/535.2

    Great tutorial! I was able to set it up on our website. We’re still in beta and won’t be dishing out the cash for a full cert until we’re about to launch, but some of our beta users have asked for SSL.

  3. running Firefox 7.0.1 Firefox 7.0.1 on GNU/Linux x64 GNU/Linux x64
    Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1

    Works like a charm. Thank you very much!

  4. running Chromium 24.0.1312.56 Chromium 24.0.1312.56 on Ubuntu x64 Ubuntu x64
    Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.17 (KHTML, like Gecko) Ubuntu Chromium/24.0.1312.56 Chrome/24.0.1312.56 Safari/537.17

    Thanks for the tutorial. Worked perfectly.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code class="" title="" data-url=""> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre class="" title="" data-url=""> <span class="" title="" data-url="">