How to Install Let's Encrypt with Apache on Ubuntu 20.04 / Debian 11 / Linux Mint


Introduction

Let's Encrypt is a certificate authority created by the Internet Security Research Group (ISRG). It provides free SSL certificates through an automated process designed to eliminate manual certificate creation, validation, installation, and renewal.

Certificates issued by Let's Encrypt are valid for 90 days from the date of issue and are trusted by all major browsers today.

Requirements

- Root access to the server

- A domain that already points to the server's IP.

- Apache already installed -> How to Install Apache Web Server on Ubuntu 20.04 / Debian 11

Install Certbot

sudo apt update

sudo apt install certbot

Generate Diffie-Hellman parameters

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Configure the Let's Encrypt SSL certificate

- Create a new directory

sudo mkdir -p /var/lib/letsencrypt/.well-known

sudo chgrp www-data /var/lib/letsencrypt

sudo chmod g+s /var/lib/letsencrypt

- Create the config files

nano /etc/apache2/conf-available/letsencrypt.conf

Alias /.well-known/acme-challenge/ "/var/lib/letsencrypt/.well-known/acme-challenge/"
<Directory "/var/lib/letsencrypt/">
    AllowOverride None
    Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
    Require method GET POST OPTIONS
</Directory>

nano /etc/apache2/conf-available/ssl-params.conf

SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
SSLHonorCipherOrder off
SSLSessionTickets off
SSLUseStapling On
SSLStaplingCache "shmcb:logs/ssl_stapling(32768)"
SSLOpenSSLConfCmd DHParameters "/etc/ssl/certs/dhparam.pem"
Header always set Strict-Transport-Security "max-age=63072000"

- Enable the modules

sudo a2enmod ssl

sudo a2enmod headers

- Enable SSL config

sudo a2enconf letsencrypt

sudo a2enconf ssl-params

- Enable the HTTP/2 module

sudo a2enmod http2

- Reload the Apache service

sudo systemctl reload apache2

- Run certbot to issue the SSL certificate for the domain

sudo certbot certonly --agree-tos --email admin@example.com --webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com

Output:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2020-10-06. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

- Edit the virtual host

nano /etc/apache2/sites-available/example.com.conf

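<VirtualHost *:80>
  ServerName example.com
  # Matches the second name (-d www.example.com) on the certificate
  ServerAlias www.example.com
  Redirect permanent / https://example.com/
</VirtualHost>

<VirtualHost *:443>
  ServerName example.com
  ServerAlias www.example.com
  Protocols h2 http/1.1

  # Redirect only the www name; an unconditional redirect here would loop
  <If "%{HTTP_HOST} == 'www.example.com'">
    Redirect permanent / https://example.com/
  </If>

  DocumentRoot /var/www/example.com/public_html
  ErrorLog ${APACHE_LOG_DIR}/example.com-error.log
  CustomLog ${APACHE_LOG_DIR}/example.com-access.log combined

  SSLEngine On
  SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
  SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

  # Other Apache Configuration
</VirtualHost>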

- Reload service

sudo systemctl reload apache2

Test SSL

You can check your domain's SSL configuration with the web tool https://www.ssllabs.com/ssltest/
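
The SSL Labs scan only works once the site is reachable. As an added example (not part of the original post), this shell script checks an ssl-params.conf locally for the settings this guide relies on, including typographic quotes picked up when copying from a web page. The function names, the one-year HSTS floor and the two sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Helper names are hypothetical.

# proto_enabled PROTO TOKEN...: true if an SSLProtocol value leaves PROTO on.
proto_enabled() {
  want=$1; shift; on=0
  for tok in "$@"; do
    case $tok in
      +all|"+$want") on=1 ;;
      -all|"-$want") on=0 ;;
      [+-]*) ;;              # +/- some other protocol: no effect on this one
      all|"$want") on=1 ;;
      *) on=0 ;;             # bare other name: treated as replacing the set
    esac
  done
  [ "$on" -eq 1 ]
}

# Prints one FAIL line per finding; the exit status is the number of findings.
audit_ssl_params() (
  conf=$1; min_hsts=${2:-31536000}; findings=0   # one-year floor: assumed policy
  fail() { echo "FAIL: $*"; findings=$((findings + 1)); }
  # Typographic quotes/dashes are non-ASCII bytes that Apache reads literally.
  LC_ALL=C grep -q '[^[:print:][:space:]]' "$conf" &&
    fail "non-ASCII characters (curly quotes or long dashes?)"
  value=$(grep -iE '^[[:space:]]*SSLProtocol[[:space:]]' "$conf" | tail -n 1 |
    sed 's/^[[:space:]]*[^[:space:]]*//')
  [ -n "$value" ] || fail "no SSLProtocol directive"
  for p in SSLv3 TLSv1 TLSv1.1; do
    proto_enabled "$p" $value && fail "$p is still enabled"   # split on purpose
  done
  age=$(grep -i 'Strict-Transport-Security' "$conf" |
    grep -oE 'max-age=[0-9]+' | head -n 1)
  age=${age#max-age=}
  [ "${age:-0}" -ge "$min_hsts" ] || fail "HSTS missing or max-age below $min_hsts"
  grep -qiE '^[[:space:]]*SSLSessionTickets[[:space:]]+off' "$conf" ||
    fail "SSLSessionTickets is not off"
  exit "$findings"
)

# Constructed samples: the guide's settings, and a weakened copy with curly quotes.
tmp=$(mktemp -d)
printf '%s\n' 'SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1' 'SSLSessionTickets off' \
  'Header always set Strict-Transport-Security "max-age=63072000"' > "$tmp/good.conf"
printf '%s\n' 'SSLProtocol all -SSLv3' \
  'Header always set Strict-Transport-Security “max-age=300”' > "$tmp/weak.conf"
for f in good weak; do
  echo "== $f.conf"; audit_ssl_params "$tmp/$f.conf" || echo "-> $? finding(s)"
done
```

Running sudo apachectl configtest before the reload catches syntax errors that this lint does not look for.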

Auto-renewing Let’s Encrypt SSL certificate

- Create the file

nano /etc/cron.d/certbot

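0 */12 * * * root test -x /usr/bin/certbot -a ! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook "systemctl reload apache2"

Note: the "! -d /run/systemd/system" test makes this job skip itself on hosts running systemd, where the certbot package's certbot.timer unit handles renewal instead.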

- Test the renewal

sudo certbot renew --dry-run

Closing

Friends of the Learning & Doing blog, that concludes this explanation of how to install Let's Encrypt with Apache on Ubuntu 20.04 / Debian 11 / Linux Mint. I hope it is useful. See you in the next post.


IT System Engineer -> https://hendro.wibiksono.web.id

Hendro Wibiksono
