From 64965f407aecd88160346e162358feb0573c8448 Mon Sep 17 00:00:00 2001 From: jtbr Date: Sun, 26 Mar 2017 16:02:18 +0200 Subject: [PATCH] note about freedns.afraid.org --- How-to-run-on-DD-WRT-with-lighttpd.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/How-to-run-on-DD-WRT-with-lighttpd.md b/How-to-run-on-DD-WRT-with-lighttpd.md index cd9dfb3c..5f3f1a0c 100644 --- a/How-to-run-on-DD-WRT-with-lighttpd.md +++ b/How-to-run-on-DD-WRT-with-lighttpd.md @@ -21,7 +21,8 @@ This guide is written for a Kong build of DD-WRT, but should work with any that --home /jffs/usr/ssl --ca-path /opt/etc/ssl/certs \ --pre-hook "stopservice lighttpd" --post-hook "startservice lighttpd" ``` - Note: Be sure to replace [ddwrtdomain] with your domain name. To test your configuration, always add the `--test` parameter, to avoid being locked out by letsencrypt. + Note: Be sure to replace [ddwrtdomain] with your domain name. To test your configuration, always add the `--test` parameter, to avoid being locked out by letsencrypt. + Finally, note that letsencrypt will not issue certificates for certain "public domains" which are not registered as such. In particular, this currently precludes the 85,000 domains served by `freedns.afraid.org` from being issued certificates. 4. **Configure lighttpd to use the certificates provided by acme/letsencrypt.** To do this you will need to modify the default lighttpd.conf used by DD-WRT. The simplest way to do this is to copy the default configuration to /jffs/etc (`mkdir /jffs/etc; cp /tmp/lighttpd.conf /jffs/etc`), and then modify it (placed in that directory, it will override the default settings). Then modify /jffs/etc/lighttpd.conf (using [vi](http://www.mcsr.olemiss.edu/seminars/BASIC%20VI%20TUTORIAL.pdf)), so that the SSL section looks like this: ```