Cara Install Let]s Encrypt SSL dengan Nginx di CentOS 8

Let’s Encrypt adalah certificate authority yang menyediakan sertifikat SSL gratis untuk website, beroperasi sejak April 2016, dan didukung oleh perusahaan dan organisasi internet dunia seperti Mozilla, Cisco, Chrome, Akamai, dll.

{{

Untuk tutorial install Let’s Encrypt dengan Apache, baca di Cara Install Let’s Encrypt SSL dengan Apache di CentOS 8

}}

*0.Perangkat yang Digunakan*

Tutorial ini menggunakan:

· VPS CentOS 8 · Domain superuser.web.id · Nginx

Sebelum install Let’s Encrypt SSL domain harus sudah bisa diakses dengan baik dan menggunakan server block Nginx.

{{

Baca tutorial Cara Install Nginx di CentOS 8

}}

*1.Install Certbot*

Install Certbot.

[INPUT]

1 2 3 curl -O https://dl.eff.org/certbot-auto mv certbot-auto /usr/local/bin/certbot-auto chmod 0755 /usr/local/bin/certbot-auto

*2.Membuat Sertifikat SSL*

Jalankan perintah Cerbot untuk membuat sertifikat SSL.

[INPUT]

1 certbot-auto –nginx -d superuser.web.id -d www.superuser.web.id

Jika masih ada dependensi paket yang harus diinstall, jawab ‘y’.

Install dependensi paket untuk Certbot

Request sertifikat SSL untuk domain superuser.web.id dan www.superuser.web.id.

[INPUT]

1 certbot-auto –nginx -d superuser.web.id -d www.superuser.web.id

Masukkan alamat email.

[INPUT]

1 2 Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to cancel): hai@musaamin.web.id

Setujui ToS.

[INPUT]

1 2 3 4 5 6 Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – (A)gree/(C)ancel: A

Persetujuan untuk dikirimi informasi mengenai Let’s Encrypt, bisa jawab Y atau N.

[INPUT]

1 2 3 4 5 6 Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let’s Encrypt project and the non-profit organization that develops Certbot? We’d like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – (Y)es/(N)o: N

Sertifikat SSL dibuat, mengubah dan menambahkan konfigurasi virtual host untuk SSL.

[INPUT]

1 2 Deploying Certificate to VirtualHost /etc/nginx/conf.d/superuser.web.id.conf Deploying Certificate to VirtualHost /etc/nginx/nginx.conf

Kemudian masukkan 2 untuk redirect HTTP ke HTTPS.

[INPUT]

1 2 3 4 5 6 7 8 Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – 1: No redirect – Make no further changes to the webserver configuration. 2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you’re confident your site works on HTTPS. You can undo this change by editing your web server’s configuration. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

Berhasil install sertifikat SSL untuk domain superuser.web.id dan www.superuser.web.id.

Pengujian konfigurasi bisa dilakukan melalui website SSLLabs.com.

Sertifikat tersimpan di /etc/letsencrypt/live/superuser.web.id.

[INPUT]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 Congratulations! You have successfully enabled https://superuser.web.id and https://www.superuser.web.id   You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=superuser.web.id https://www.ssllabs.com/ssltest/analyze.html?d=www.superuser.web.id – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –   IMPORTANT NOTES: – Congratulations! Your certificate and chain have been saved at:    /etc/letsencrypt/live/superuser.web.id/fullchain.pem    Your key file has been saved at:    /etc/letsencrypt/live/superuser.web.id/privkey.pem    Your cert will expire on 2020-01-24. To obtain a new or tweaked    version of this certificate in the future, simply run certbot-auto    again with the “certonly” option. To non-interactively renew *all*    of your certificates, run “certbot-auto renew” – If you like Certbot, please consider supporting our work by:      Donating to ISRG / Let’s Encrypt:   https://letsencrypt.org/donate    Donating to EFF:                    https://eff.org/donate-le

Sertifikat SSL hanya berlaku selama 90 hari, untuk pembaruan sertifikat jalankan renew.

[INPUT]

1 cerbot-auto renew

*3.FirewallD Service*

Sebelum menguji atau mengakses HTTPS, masukkan terlebih dahulu service HTTPS atau port 443 ke FirewallD.

[INPUT]

1 2 3 firewall-cmd –add-service=https –permanent firewall-cmd –reload firewall-cmd –list-services

*4.Pengujian*

Browsing domain, hasilnya domain harus bisa diakses melalui protokol HTTPS, dan secara otomatis redirect dari HTTP ke HTTPS.

Browsing domain superuser.web.id dengan HTTPS

Informasi Sertifikat SSL

Pengujian lain dengan menggunakan SSLLabs.com.

Hasil pengujian SSL dengan SSLLabs.com

Selamat mencoba 🙂

Leave a Reply

Your email address will not be published.