SSL Configuration

Important

This section is only about SSL configuration for the LiveConfig web interface.

The usage of a SSL certificate is controled by the configuration option http_ssl_certificate. LiveConfig acts this way:

  • If http_ssl_certificate is commented but at least one HTTPS port is configured, LiveConfig creates a temporary, self-signed SSL certificate on each start.

  • If http_ssl_certificate is defined but the named file doesn’t yet exist, then LiveConfig creates a self-signed certificate and writes it into this file (this way you don’t have to accept the temporary certificate on each web browser restart).

  • If http_ssl_certificate is defined and the named file exists, then the SSL certificate and the accompanying private key is read from this file.

The certificate file must contain the following data PEM encoded in the following order:

  1. the private key for the SSL certificate (without password protection)

  2. the SSL certificate itself

  3. optional intermediate (chained) certificates if provided by the certificate issuer

Please take care for the private key to not contain a password protection - otherwise LiveConfig won’t be able to start!

By default, the SSL certificate for the LiveConfig web interface is located at /etc/liveconfig/sslcert.pem.

Note

Currently it’s not possible to use SSL certificates from Let’s Encrypt directly for the LiveConfig web interface (due to required domain validation). You can however configure a subdomain as reverse proxy to LiveConfig as a workaround.


Last updated on Apr 13, 2020.
next: License Activation
previous: Configuration