diff --git a/HTTPS--support.md b/HTTPS--support.md index 2a006d3..aeaabaa 100644 --- a/HTTPS--support.md +++ b/HTTPS--support.md @@ -13,7 +13,7 @@ Read more about mkcert [here](https://blog.filippo.io/mkcert-valid-https-certifi ### How-To Follow the steps below to generate and install a locally-trusted certificate for RaspAP. The local domain `raspap.local` is used in the examples below. You may substitute this with the default `raspberrypi.local` or your own hostname. -Start by installing the pre-built binary for Arch Linux ARM on your Raspberry Pi: +1. Start by installing the pre-built binary for Arch Linux ARM on your Raspberry Pi: ``` sudo wget https://github.com/FiloSottile/mkcert/releases/download/v1.3.0/mkcert-v1.3.0-linux-arm -O /usr/local/bin/mkcert sudo chmod +x /usr/local/bin/mkcert @@ -24,7 +24,7 @@ You should see output like the following: Using the local CA at "/home/pi/.local/share/mkcert" ✨ The local CA is now installed in the system trust store! ⚡ī¸ ``` -Generate a certificate for `raspap.local`: +2. Generate a certificate for `raspap.local`: ``` mkcert raspap.local "*.raspap.local" raspap.local ``` 
@@ -38,24 +38,23 @@ Created a new certificate valid for the following names 📜 - "raspap.local" Reminder: X.509 wildcards only go one level deep, so this won't match a.b.raspap.local ℹī¸ - The certificate is at "./raspap.local+2.pem" and the key at "./raspap.local+2-key.pem" ✅ ``` -Next, combine the private key and certificate: +3. Next, combine the private key and certificate: ``` cd /home/pi cat raspap.local+2-key.pem raspap.local+2.pem > raspap.local.pem ``` -Create a directory for the combined `.pem` file in lighttpd: +4. Create a directory for the combined `.pem` file in lighttpd: ``` sudo mkdir /etc/lighttpd/ssl ``` -Set permissions and move the `.pem` file: +5. Set permissions and move the `.pem` file: ``` chmod 400 /home/pi/raspap.local.pem sudo mv home/pi/raspap.local.pem /etc/lighttpd/ssl ``` -Edit the lighttpd configuration: +6. Edit the lighttpd configuration: ``` sudo nano /etc/lighttpd/lighttpd.conf ``` @@ -69,11 +68,11 @@ $SERVER["socket"] == ":443" { server.document-root = "/var/www/html" } ``` -Restart the lighttpd service: +7. Restart the lighttpd service: ``` sudo systemctl restart lighttpd ``` -... and verify that lighttpd has restarted without errors: +8. Verify that lighttpd has restarted without errors: ``` sudo systemctl status lighttpd ``` 
@@ -95,11 +94,11 @@ You should see a response like the following: Jul 01 11:56:15 raspap lighttpd[1433]: Syntax OK Jul 01 11:56:15 raspap systemd[1]: Started Lighttpd Daemon. ``` -Now, copy `rootCA.pem` to your lighttpd web root (**important:** do *NOT* share `rootCA-key.pem`): +9. Now, copy `rootCA.pem` to your lighttpd web root (**important:** do *NOT* share `rootCA-key.pem`): ``` sudo cp /home/pi/.local/share/mkcert/rootCA.pem /var/www/html ``` -Open a browser and enter the address: https://raspap.local/rootCA.pem. Accept the unsafe warning in the browser and download the root certificate to your client. Add the root certificate to your system keychain. +10. Open a browser and enter the address: https://raspap.local/rootCA.pem. Accept the unsafe warning in the browser and download the root certificate to your client. Add the root certificate to your system keychain. ![](https://i.imgur.com/RCJJPYL.png)
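Review bot: In the hunk at `@@ -13,7 +13,7 @@`, the newly numbered step 1 still writes a downloaded binary straight into `/usr/local/bin` as root with no integrity check. While the steps are being renumbered, consider adding a sub-step that runs `sha256sum /usr/local/bin/mkcert` and compares the result with a known-good value before `chmod +x`. As a style point, the code fences that follow each numbered line are not indented, so they sit outside the list item. Indenting them keeps each command block attached to its step.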
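Review bot: In the hunk at `@@ -24,7 +24,7 @@`, the command under step 2 passes `raspap.local` twice (`mkcert raspap.local "*.raspap.local" raspap.local`), so the third argument is redundant. If the duplicate is dropped, the `raspap.local+2.pem` and `raspap.local+2-key.pem` file names used in the later steps and in the sample output need to be rechecked against what mkcert actually writes.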
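Review bot: In the hunk at `@@ -38,24 +38,23 @@`, the command under step 5 reads `sudo mv home/pi/raspap.local.pem /etc/lighttpd/ssl`, with no leading slash on the source path. After the `cd /home/pi` in step 3, that relative path resolves under `/home/pi/home/pi/` and the move fails. It should be `/home/pi/raspap.local.pem`. It is also worth a sentence here that the separate `raspap.local+2-key.pem` stays behind in `/home/pi` after the combined file is moved, so readers know to restrict or remove it.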
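Review bot: In the hunk at `@@ -95,11 +94,11 @@`, step 10 tells the reader to accept the browser warning and download `rootCA.pem` over the very connection that certificate is meant to authenticate, so nothing confirms that the file received is the one generated on the Pi. Suggest adding a check before it is imported into the keychain, for example comparing the certificate fingerprint shown on the client with the one from `/home/pi/.local/share/mkcert/rootCA.pem` on the Pi, and removing the copy from `/var/www/html` once clients have it. The trailing period directly after `https://raspap.local/rootCA.pem` can also be swallowed into the autolink. Wrapping the URL in backticks or angle brackets avoids that.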