Lighttpd (and some other apps) requires both cert and privkey to be in the same .pem file #97

Closed
opened 2025-12-29 00:24:47 +01:00 by adam · 6 comments

Originally created by @the-vindicar on GitHub (May 11, 2016).

Could this be made an option?
Or, if it can be done with a hook, can you add a doc entry regarding how to do it?

adam closed this issue 2025-12-29 00:24:47 +01:00

@lukas2511 commented on GitHub (May 11, 2016):

I don't want any more formats of keys and certs so this would have to be done with a hook script.

In theory something like this should work (untested):

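```
#!/usr/bin/env bash

# Hook handler called after a certificate has been issued.
function deploy_cert {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"

    # Concatenate the private key and the full chain into a single PEM file.
    cat "${KEYFILE}" "${FULLCHAINFILE}" > "${BASEDIR}/certs/${DOMAIN}/combined.pem"
}
```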

@domenpk commented on GitHub (Jun 8, 2016):

Hook should actually contain CERTFILE instead of FULLCHAINFILE:

```
echo " + HOOK: Merging KEYFILE and CERTFILE to ssl.pem"
umask 0077
cat "${KEYFILE}" "${CERTFILE}" > "${BASEDIR}/certs/${DOMAIN}/ssl.pem"
```

@lukas2511 commented on GitHub (Jun 8, 2016):

@domenpk and then you are missing the chain certificates, which are important too ¯\_(ツ)_/¯


@domenpk commented on GitHub (Jun 8, 2016):

Ah, no, no... Lighttpd has 2 config options `ssl.pemfile` and `ssl.ca-file`. Former should contain both KEYFILE and CERTFILE, latter is FULLCHAINFILE.


@lukas2511 commented on GitHub (Jun 8, 2016):

Interesting... don't even want to know how it came to this.

Anyway, with hooks this can easily be done :)


@the-vindicar commented on GitHub (Jun 8, 2016):

Using the hook method now and it works fine, thanks!
However, you might still want to add this use-case to the documentation, for googlers' sake.
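
A hardened variant of the hook discussed in this thread, as an added example that is not code from the dehydrated project or from any commenter: it builds the key-plus-certificate file for lighttpd's `ssl.pemfile` with owner-only permissions and an atomic rename. It assumes `BASEDIR` is set by the caller, as in the snippets above, and shows only the `deploy_cert` function; the input sanity checks and the temp-file name are this example's own choices.

```bash
#!/usr/bin/env bash
# Added example: deploy_cert hook body for lighttpd's ssl.pemfile layout.
# Argument order follows the hook snippet posted earlier in this thread.

deploy_cert() {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
    local outdir="${BASEDIR}/certs/${DOMAIN}"
    local target="${outdir}/ssl.pem" tmp

    # Refuse to build a pemfile from missing or empty inputs.
    [ -s "${KEYFILE}" ] && [ -s "${CERTFILE}" ] || {
        echo " ! HOOK: key or certificate missing for ${DOMAIN}" >&2
        return 1
    }
    # Cheap check that each input is the kind of PEM we expect, so a
    # swapped argument does not silently produce a broken ssl.pem.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "${KEYFILE}" || {
        echo " ! HOOK: ${KEYFILE} holds no private key" >&2; return 1; }
    grep -q -- '-----BEGIN CERTIFICATE-----' "${CERTFILE}" || {
        echo " ! HOOK: ${CERTFILE} holds no certificate" >&2; return 1; }

    # The subshell keeps the restrictive umask from leaking into the caller.
    (
        umask 0077
        tmp="$(mktemp "${outdir}/ssl.pem.XXXXXX")" || exit 1
        # Write to a temp file in the same directory, then rename, so the
        # web server never reads a half-written key+cert file.
        if cat "${KEYFILE}" "${CERTFILE}" > "${tmp}" && mv -f "${tmp}" "${target}"; then
            echo " + HOOK: wrote ${target}"
        else
            rm -f "${tmp}"
            exit 1
        fi
    ) || return 1
}
```

The resulting `ssl.pem` contains the private key, so it must stay readable only by the account that starts lighttpd.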

Reference: starred/dehydrated#97