NOTE: this requires access to your Snapt Aria appliance over CLI or SSH in some form.
This guide applies to Snapt Aria official images only.
- IMPORTANT: backup your existing lighttpd.pem file.
sudo cp /etc/lighttpd/lighttpd.pem /etc/lighttpd/lighttpd.pem.bak
- Generate a new CSR – be sure to enter request details as prompted – then transfer it to your CA server (e.g. WinSCP, FileZilla SFTP).
openssl req -new -newkey rsa:2048 -nodes -sha256 -out your-domain.csr -keyout your-domain.key
- Sign the certificate with your Certificate Authority of choice and export the certificate in Base-64-encoded x.509 format. Export the CA certificate in the same format.
- Transfer the exported server and CA certificates to the Snapt Aria appliance.
- Concatenate the server private key, server certificate and CA certificate into a single x.509 PEM file.
cat your-domain.key your-domain.cer your-ca.cer > your-fullchain.pem
- Copy the new x.509 PEM over the existing lighttpd.pem.
sudo cp your-fullchain.pem /etc/lighttpd/lighttpd.pem
- Restart lighttpd.
sudo systemctl restart lighttpd.service
- And you’re done! Your custom certificate will now be served by the Snapt Aria framework web UI on the configured SSL port (8081 by default).
- IMPORTANT: in the event of certificate issues or errors, restore the original lighttpd.pem.
sudo cp /etc/lighttpd/lighttpd.pem.bak /etc/lighttpd/lighttpd.pem