free ssl, ssl gratis, cara install letsencrypt

Cara Instal SSL Gratis Letsencrypt di Ubuntu 14.10

VPS paling murah

Let’s Encrypt adalah sertifikat ssl gratis, otomatis, dan open Certificate Authority (CA). Layanan SSL Let’s Encrypt merupakan layanan yang disediakan oleh perusahaan Internet Security Research Group (ISRG). Sertifikat SSL Let’s Encrypt hanya berlaku untuk 3 bulanan dan harus diperbaharui secara rutin.

Persiapan Install SSL Letsencrypt

Sebelum anda menginstall SSL Lets Encrypt, Terlebih dahulu pastikan Linux Anda sudah terinstall git. Jika Belum terinstall, Anda bisa menginstal git dengan cara sebagai berikut:

apt-get install git -y

Hal yang tidak kalah penting lainnya adalah bahwa anda tidak mengunakan DNS cloudflare saat install. Karena akan mengakibatkan kesalahan sat validasi DNS.

Cara Install SSL Letsencrypt Client

Untuk menginstall Letsencrypt client, cukup eksekusi 2 baris command line berikut dengan akses root:

git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt

Mulai Bulan desember 2015, Letsencript client telah mendukung --webroot option, sehingga saat instalasi web server tidak perlu down. Dalam tutorial ini kami asumsikan kondisi Server ubuntu sebagai berikut:
– Path web terletak di /home/username/public_html
– Webserver yang digunakan adalah Apache2
– Admin email adalah emailku@tutorials.id
– SSL Letsencrypt akan diinstall untuk tutorials.id, www.tutorials.id dan linux.tutorials.id

Dari kondisi tersebut, kita bisa install SSL Letsencrypt dengan perintah sebagai berikut:

./letsencrypt-auto --server https://acme-v01.api.letsencrypt.org/directory certonly --agree-tos --email 'emailku@tutorials.id' --webroot --webroot-path '/home/username/public_html/' -d tutorials.id -d www.tutorials.id -d linux.tutorials.id

Hasil dari perintah diatas kurang lebih sebagai berikut:

Version: 1.1-20080819
Version: 1.1-20080819

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/tutorials.id/fullchain.pem. Your cert
   will expire on 2016-03-06. To obtain a new version of the
   certificate in the future, simply run Let's Encrypt again.
 - If like Let's Encrypt, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Jika Andamenggunakan DNS Cloudflare saat instal SSL Letsencrypt, maka anda akan mendapatkan pesan eror sebagai berikut:

FailedChallenges: Failed authorization procedure. www.certificatemonitor.org (dvsni): tls :: The server experienced a TLS error during DV :: Failed to connect to host for DVSNI challenge, certificatemonitor.org (dvsni): tls :: The server experienced a TLS error during DV :: Failed to connect to host for DVSNI challenge

Cek isi folder /etc/letsencrypt/live/tutorials.id. Jika instalasi anda berhasil, maka di dalam folder tersebut akan ada 4 file symlink sebagai berikut:

# ls -la /etc/letsencrypt/live/tutorials.id
total 8
drwxr-xr-x 2 root root 4096 Apr 24 20:44 .
drwx------ 3 root root 4096 Apr 24 20:44 ..
lrwxrwxrwx 1 root root   36 Apr 24 20:44 cert.pem -> ../../archive/tutorials.id/cert1.pem
lrwxrwxrwx 1 root root   37 Apr 24 20:44 chain.pem -> ../../archive/tutorials.id/chain1.pem
lrwxrwxrwx 1 root root   41 Apr 24 20:44 fullchain.pem -> ../../archive/tutorials.id/fullchain1.pem
lrwxrwxrwx 1 root root   39 Apr 24 20:44 privkey.pem -> ../../archive/tutorials.id/privkey1.pem

Konfigurasi Virtual Host

Virtual host Apache2 di Ubuntu terletak di folder /etc/apache2/sites-enabled. Buat file tutorials-id-ssl.conf dengan perintah:

nano /etc/apache2/sites-enabled/tutorials-id-ssl.conf

kemudian isi dengan data sebagai berikut:


        
                ServerName tutorials.id
                ServerAlias *.tutorials.id
                ServerAdmin info@humayraa.com

                DocumentRoot /home/tutorial/public_html

                ErrorLog ${APACHE_LOG_DIR}/error.log
                CustomLog ${APACHE_LOG_DIR}/access.log combined

                SSLEngine on
                SSLCertificateFile      /etc/letsencrypt/live/tutorials.id/cert.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/tutorials.id/privkey.pem
                SSLCertificateChainFile /etc/letsencrypt/live/tutorials.id/fullchain.pem

                
                                SSLOptions +StdEnvVars
                
                
                                SSLOptions +StdEnvVars
                

                BrowserMatch "MSIE [2-6]" \
                                nokeepalive ssl-unclean-shutdown \
                                downgrade-1.0 force-response-1.0
                # MSIE 7 and newer should be able to use keepalive
                BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

        

Save, kemudian restart Apache2 dengan perintah:

service apache2 restart

Selamat mencoba

4 Replies to “Cara Instal SSL Gratis Letsencrypt di Ubuntu 14.10”

  1. pang

    saya sudah mengikuti step diatas, proses instalasi berhasil :
    IMPORTANT NOTES:
    – Congratulations! Your certificate and chain have been saved at:
    /etc/letsencrypt/live/xxx.xyz/fullchain.pem
    Your key file has been saved at:
    /etc/letsencrypt/live/xxx.xyz/privkey.pem
    Your cert will expire on 2018-01-11. To obtain a new or tweaked
    version of this certificate in the future, simply run
    letsencrypt-auto again. To non-interactively renew *all* of your
    certificates, run “letsencrypt-auto renew”
    – Your account credentials have been saved in your Certbot
    configuration directory at /etc/letsencrypt. You should make a
    secure backup of this folder now. This configuration directory will
    also contain certificates and private keys obtained by Certbot so
    making regular backups of this folder is ideal.
    – If you like Certbot, please consider supporting our work by:

    Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
    Donating to EFF: https://eff.org/donate-le

    Akan tetapi pada saat saya akses menggunakan https tidak bisa

    • Admin Tutorial Linux

      sudah bikin virtualhost untuk https ?
      bikin file /etc/apache2/sites-available/ssl-xxx.xyz.conf

      isinya:

      <IfModule mod_ssl.c>
              <VirtualHost _default_:443>
                      ServerName xxx.xyz
                      ServerAdmin webmaster@localhost
                      DocumentRoot /var/www/html
                      ErrorLog ${APACHE_LOG_DIR}/error.log
                      CustomLog ${APACHE_LOG_DIR}/access.log combined
                      SSLEngine on
                      SSLCertificateFile      /etc/letsencrypt/live/xxx.xyz/cert.pem
                      SSLCertificateKeyFile /etc/letsencrypt/live/xxx.xyz/prifkey.pem
                      SSLCertificateChainFile /etc/letsencrypt/live/xxx.xyz/fullchain.pem
      
                      <FilesMatch "\.(cgi|shtml|phtml|php)$">
                                      SSLOptions +StdEnvVars
                      </FilesMatch>
                      <Directory /usr/lib/cgi-bin>
                                      SSLOptions +StdEnvVars
                      </Directory>
              </VirtualHost>
      </IfModule>
      
      

      Kemudian enable site dengan perintah:

      sudo a2ensite ssl-xxx.xyz
      

      Setelah itu restart apache:

      sudo service apache2 restart
      

      Semoga berhasil

  2. imam

    kalo ada jawaban seperti ini
    Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.
    Apa yang salah ya pak? trims

Tinggalkan Balasan

Alamat email Anda tidak akan dipublikasikan. Ruas yang wajib ditandai *

loading...