Install SSL Let’s Encrypt Pada Nginx Di CentOS 7

” Cara Install SSL Let’s Encrypt pada Nginx di CentOS 7 “

Setelah sebelumnya menginstall LEMP pada centos 7 anda bisa cek di artikel -> install-lemp-stack-di-centos-7

Selanjutnya kita coba pasang SSL pada domain nya.

Penggunaan sertifikat SSL sudah menjadi standarisasi untuk mendapatkan nilai SEO yang bagus. Jika kamu belum tahu, SSL adalah Secure Sockets Layer, yaitu lapisan pertahanan di website yang menjamin bahwa transaksi data di website-mu tidak terinterupsi oleh pihak manapun. Alhasil, Google akan memberikan peringkat lebih baik untuk website-mu. Mari pelajari cara install SSL Let’s Encrypt dengan web server Nginx di server dengan CentOS 7 berikut.

Let’s Encrypt

Let’s Encrypt adalah organisasi non-profit dari Linux Foundation yang menyediakan SSL gratis dengan enkripsi standar untuk seluruh pemilik website. SSL ini memiliki validasi waktu 90 hari dan menggunakan protokol ACME (Automatic Certificate Management Environment) yang dapat melakukan pembaruan otomatis setiap 90 hari menggunakan cron job.

Persiapan

VPS / Server Centos 7
domain lemp.hendro-wibiksono.web.id
akses root
Nginx

Instalasi SSL Let’s Encrypt ada dilakukan dengan beberapa langkah di bawah ini.

Install Repo
Update Server
Install Cerbot
Install SSL
Config SSL
Test SSL
Renew Auto

Tahap Installasi

1. Install Repo

yum install epel-release -y

2. Update Server

yum update -y

yum install nano perl wget -y

3. Install Cerbot

yum install python-certbot-nginx

4. Install SSL

certbot --nginx -d lemp.hendro-wibiksono.web.id -d www.lemp.hendro-wibiksono.web.id

– Masukan alamat email

Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): admin@lemp.hendro-wibiksono.web.id

– Setujui TOS

Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory

Y)es/(N)o: Y

– Pilih N

Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.

(Y)es/(N)o: N

– SSL mulai di buat

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lemp.hendro-wibiksono.web.id
http-01 challenge for www.lemp.hendro-wibiksono.web.id
Waiting for verification…

– memasang di config

Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/ lemp.hendro-wibiksono.web.id.conf
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/ lemp.hendro-wibiksono.web.id.conf

– HTTP to HTTPS

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.

1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.

Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2

– SSL sudah terinstall

Congratulations! You have successfully enabled https:// lemp.hendro-wibiksono.web.id and
https://www. lemp.hendro-wibiksono.web.id

5. Cek Config SSL

nano /etc/nginx/sites-enabled/ lemp.hendro-wibiksono.web.id.conf

6. test SSL

akses Via web dan test via SSLLabs.com.

7. Memperbarui Sertifikat SSL Secara Otomatis

crontab -e

00 1 * * * /usr/bin/certbot renew –quiet

8. Cek status expire cerbot