Let’s Encrypt adalah Otoritas Sertifikat (CA) yang memfasilitasi perolehan dan penginstalan sertifikat TLS/SSL gratis, yang dengan demikian mengaktifkan HTTPS terenkripsi pada server web.
Dalam panduan ini, kita akan menggunakan Certbot untuk memperoleh sertifikat SSL gratis untuk Apache pada Linux Ubuntu 20.04, dan memastikan agar sertifikat ini disiapkan untuk diperbarui secara otomatis.
Tutorial ini menggunakan berkas virtualhost pada Apache untuk menyiapkan situs web yang akan diamankan dengan Let’s Encrypt.
Kami menyarankan untuk menciptakan berkas virtualhost pada Apache untuk setiap domain, supaya bisa menerapkan Sertifikat SSL pada domain menggunakan Let’s Encrypt
pertama login dulu ke server menggunakan putty, jika sudah lakukan langkah-langkah seperti dibawah ini :
root@mail:~# sudo apt install certbot python3-certbot-apache
Reading package lists… Done
Building dependency tree
Reading state information… Done
The following additional packages will be installed:
augeas-lenses libaugeas0 python3-acme python3-augeas python3-certbot python3-cffi-backend python3-configargparse python3-configobj python3-cryptography
python3-distro python3-future python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr python3-requests-toolbelt python3-rfc3339
python3-setuptools python3-tz python3-zope.component python3-zope.event python3-zope.hookable python3-zope.interface
Suggested packages:
augeas-doc python3-certbot-nginx python-certbot-doc augeas-tools python-acme-doc python-certbot-apache-doc python-configobj-doc python-cryptography-doc
python3-cryptography-vectors python-future-doc python-mock-doc python-openssl-doc python3-openssl-dbg python-setuptools-doc
Recommended packages:
python3-icu
The following NEW packages will be installed:
augeas-lenses certbot libaugeas0 python3-acme python3-augeas python3-certbot python3-certbot-apache python3-cffi-backend python3-configargparse
python3-configobj python3-cryptography python3-distro python3-future python3-josepy python3-mock python3-openssl python3-parsedatetime python3-pbr
python3-requests-toolbelt python3-rfc3339 python3-setuptools python3-tz python3-zope.component python3-zope.event python3-zope.hookable
python3-zope.interface
0 upgraded, 26 newly installed, 0 to remove and 0 not upgraded.
Need to get 2,237 kB of archives.
After this operation, 12.3 MB of additional disk space will be used.
Do you want to continue? [Y/n] Y
root@mail:~# certbot update_account –email ranoeva@gmail.com ( jika sebelumnya sudah pernah memakai email yang sama untuk membuat sertifikat Let’s Encrypt maka harus di update dahulu emailnya, kalau belum pernah maka abaikan saja tahapan yang ini )
root@mail:~# sudo certbot –apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): ranoeva@gmail.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(A)gree/(C)ancel: A
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(Y)es/(N)o: N
Which names would you like to activate HTTPS for?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: sekilasit.org
2: agus.sekilasit.org
3: alquran.sekilasit.org
4: android.sekilasit.org
5: blog.sekilasit.org
6: dedi.sekilasit.org
7: mail.sekilasit.org
8: repo.sekilasit.org
9: www.sekilasit.org
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel):
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for agus.sekilasit.org
http-01 challenge for alquran.sekilasit.org
http-01 challenge for android.sekilasit.org
http-01 challenge for blog.sekilasit.org
http-01 challenge for dedi.sekilasit.org
http-01 challenge for mail.sekilasit.org
http-01 challenge for repo.sekilasit.org
http-01 challenge for sekilasit.org
http-01 challenge for www.sekilasit.org
Waiting for verification…
Cleaning up challenges
Created an SSL vhost at /etc/apache2/sites-available/sekilasit.org-le-ssl.conf
Enabled Apache socache_shmcb module
Enabled Apache ssl module
Deploying Certificate to VirtualHost /etc/apache2/sites-available/sekilasit.org-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/sekilasit.org-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/agus.sekilasit.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/agus.sekilasit.org-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/agus.sekilasit.org-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/alquran.sekilasit.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/alquran.sekilasit.org-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/alquran.sekilasit.org-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/android.sekilasit.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/android.sekilasit.org-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/android.sekilasit.org-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/blog.sekilasit.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/blog.sekilasit.org-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/blog.sekilasit.org-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/dedi.sekilasit.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/dedi.sekilasit.org-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/dedi.sekilasit.org-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/mail.sekilasit.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/mail.sekilasit.org-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/mail.sekilasit.org-le-ssl.conf
Created an SSL vhost at /etc/apache2/sites-available/repo.sekilasit.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/repo.sekilasit.org-le-ssl.conf
Enabling available site: /etc/apache2/sites-available/repo.sekilasit.org-le-ssl.conf
Deploying Certificate to VirtualHost /etc/apache2/sites-available/sekilasit.org-le-ssl.conf
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Redirecting vhost in /etc/apache2/sites-enabled/sekilasit.org.conf to ssl vhost in /etc/apache2/sites-available/sekilasit.org-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/agus.sekilasit.org.conf to ssl vhost in /etc/apache2/sites-available/agus.sekilasit.org-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/alquran.sekilasit.org.conf to ssl vhost in /etc/apache2/sites-available/alquran.sekilasit.org-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/android.sekilasit.org.conf to ssl vhost in /etc/apache2/sites-available/android.sekilasit.org-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/blog.sekilasit.org.conf to ssl vhost in /etc/apache2/sites-available/blog.sekilasit.org-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/dedi.sekilasit.org.conf to ssl vhost in /etc/apache2/sites-available/dedi.sekilasit.org-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/mail.sekilasit.org.conf to ssl vhost in /etc/apache2/sites-available/mail.sekilasit.org-le-ssl.conf
Redirecting vhost in /etc/apache2/sites-enabled/repo.sekilasit.org.conf to ssl vhost in /etc/apache2/sites-available/repo.sekilasit.org-le-ssl.conf
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Congratulations! You have successfully enabled https://sekilasit.org,
https://agus.sekilasit.org, https://alquran.sekilasit.org,
https://android.sekilasit.org, https://blog.sekilasit.org,
https://dedi.sekilasit.org, https://mail.sekilasit.org,
https://repo.sekilasit.org, and https://www.sekilasit.org
You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=sekilasit.org
https://www.ssllabs.com/ssltest/analyze.html?d=agus.sekilasit.org
https://www.ssllabs.com/ssltest/analyze.html?d=alquran.sekilasit.org
https://www.ssllabs.com/ssltest/analyze.html?d=android.sekilasit.org
https://www.ssllabs.com/ssltest/analyze.html?d=blog.sekilasit.org
https://www.ssllabs.com/ssltest/analyze.html?d=dedi.sekilasit.org
https://www.ssllabs.com/ssltest/analyze.html?d=mail.sekilasit.org
https://www.ssllabs.com/ssltest/analyze.html?d=repo.sekilasit.org
https://www.ssllabs.com/ssltest/analyze.html?d=www.sekilasit.org
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/sekilasit.org/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/sekilasit.org/privkey.pem
Your cert will expire on 2022-11-04. To obtain a new or tweaked
version of this certificate in the future, simply run certbot again
with the “certonly” option. To non-interactively renew *all* of
your certificates, run “certbot renew”
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
– If you like Certbot, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
pembuatan Sertifikat Let’s Encrypt pada Linux Ubuntu 20.04 telah selesai, dan tinggal dilakukan pengecekan pada domain, disini saya melakukan pengecekan pada domain sekilasit.org :
