Cara Install Let]s Encrypt SSL dengan Apache di CentOS 8

Let’s Encrypt adalah certificate authority yang menyediakan sertifikat SSL gratis untuk website, beroperasi sejak April 2016, dan didukung oleh perusahaan dan organisasi internet dunia seperti Mozilla, Cisco, Chrome, Akamai, dll.

*0.Perangkat yang Digunakan*

Tutorial ini menggunakan:

· VPS CentOS 8 · Domain superuser.web.id · Apache

Sebelum install Let’s Encrypt SSL domain harus sudah bisa diakses dengan baik dan menggunakan virtual host Apache.

{{

Baca tutorial Cara Install Apache di CentOS 8

}}

*1.Install Certbot*

Install modul SSL untuk Apache.

[INPUT]

1 2 dnf install mod_ssl systemctl  restart httpd

Install Certbot.

[INPUT]

1 2 3 curl -O https://dl.eff.org/certbot-auto mv certbot-auto /usr/local/bin/certbot-auto chmod 0755 /usr/local/bin/certbot-auto

*2.Membuat Sertifikat SSL*

Jalankan perintah Cerbot untuk membuat sertifikat SSL.

[INPUT]

1 certbot-auto –apache -d superuser.web.id -d www.superuser.web.id

Jika masih ada dependensi paket yang harus diinstall, jawab ‘y’.

Install dependensi paket untuk Certbot

Request sertifikat SSL untuk domain superuser.web.id dan www.superuser.web.id.

[INPUT]

1 certbot-auto –apache -d superuser.web.id -d www.superuser.web.id

Masukkan alamat email.

[INPUT]

1 2 Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to cancel): hai@musaamin.web.id

Setujui ToS.

[INPUT]

1 2 3 4 5 6 Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must agree in order to register with the ACME server at https://acme-v02.api.letsencrypt.org/directory – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – (A)gree/(C)ancel: A

Persetujuan untuk dikirimi informasi mengenai Let’s Encrypt, bisa jawab Y atau N.

[INPUT]

1 2 3 4 5 6 Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let’s Encrypt project and the non-profit organization that develops Certbot? We’d like to send you email about our work encrypting the web, EFF news, campaigns, and ways to support digital freedom. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – (Y)es/(N)o: N

Sertifikat SSL dibuat, mengubah dan menambahkan konfigurasi virtual host untuk SSL.

[INPUT]

1 2 3 4 5 6 7 8 9 Obtaining a new certificate Performing the following challenges: http-01 challenge for superuser.web.id http-01 challenge for www.superuser.web.id Waiting for verification… Cleaning up challenges Created an SSL vhost at /etc/httpd/conf.d/superuser.web.id-le-ssl.conf Deploying Certificate to VirtualHost /etc/httpd/conf.d/superuser.web.id-le-ssl.conf Deploying Certificate to VirtualHost /etc/httpd/conf.d/superuser.web.id-le-ssl.conf

Kemudian masukkan 2 untuk redirect HTTP ke HTTPS.

[INPUT]

1 2 3 4 5 6 7 8 Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – 1: No redirect – Make no further changes to the webserver configuration. 2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for new sites, or if you’re confident your site works on HTTPS. You can undo this change by editing your web server’s configuration. – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

Berhasil install sertifikat SSL untuk domain superuser.web.id dan www.superuser.web.id.

Pengujian konfigurasi bisa dilakukan melalui website SSLLabs.com.

Sertifikat tersimpan di /etc/letsencrypt/live/superuser.web.id.

[INPUT]

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 Congratulations! You have successfully enabled https://superuser.web.id and https://www.superuser.web.id   You should test your configuration at: https://www.ssllabs.com/ssltest/analyze.html?d=superuser.web.id https://www.ssllabs.com/ssltest/analyze.html?d=www.superuser.web.id – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –   IMPORTANT NOTES: – Congratulations! Your certificate and chain have been saved at:    /etc/letsencrypt/live/superuser.web.id/fullchain.pem    Your key file has been saved at:    /etc/letsencrypt/live/superuser.web.id/privkey.pem    Your cert will expire on 2020-01-24. To obtain a new or tweaked    version of this certificate in the future, simply run certbot-auto    again with the “certonly” option. To non-interactively renew *all*    of your certificates, run “certbot-auto renew” – Your account credentials have been saved in your Certbot    configuration directory at /etc/letsencrypt. You should make a    secure backup of this folder now. This configuration directory will    also contain certificates and private keys obtained by Certbot so    making regular backups of this folder is ideal. – If you like Certbot, please consider supporting our work by:      Donating to ISRG / Let’s Encrypt:   https://letsencrypt.org/donate    Donating to EFF:                    https://eff.org/donate-le

Sertifikat SSL hanya berlaku selama 90 hari, untuk pembaruan sertifikat jalankan renew.

[INPUT]

1 cerbot-auto renew

*3.FirewallD Service*

Sebelum menguji atau mengakses HTTPS, masukkan terlebih dahulu service HTTPS atau port 443 ke FirewallD.

[INPUT]

1 2 3 firewall-cmd –add-service=https –permanent firewall-cmd –reload firewall-cmd –list-services

*4.Pengujian*

Browsing domain, hasilnya domain harus bisa diakses melalui protokol HTTPS, dan secara otomatis redirect dari HTTP ke HTTPS.

Browsing domain superuser.web.id dengan HTTPS

Informasi Sertifikat SSL

Pengujian lain dengan menggunakan SSLLabs.com.

Hasil pengujian SSL dengan SSLLabs.com

Selamat mencoba 🙂

Leave a Reply

Your email address will not be published.