“ How to Install Let’s Encrypt SSL on Nginx on CentOS 7 ”
We previously installed LEMP on CentOS 7; you can find that in the article -> install-lemp-stack-di-centos-7
Next, we will set up SSL on the domain.
Using an SSL certificate has become a standard for getting a good SEO score. In case you did not know, SSL stands for Secure Sockets Layer, a protective layer on a website that ensures data transactions on your site are not interfered with by any party. As a result, Google will give your website a better ranking. Let’s go through how to install Let’s Encrypt SSL with the Nginx web server on a server running CentOS 7.
Let’s Encrypt
Let’s Encrypt is a non-profit organization from the Linux Foundation that provides free SSL with standard encryption to all website owners. This SSL has a validity period of 90 days and uses the ACME (Automatic Certificate Management Environment) protocol, which can renew it automatically every 90 days using a cron job.
Preparation
Installing Let’s Encrypt SSL is done in the steps below.
- Install Repo
- Update Server
- Install Certbot
- Install SSL
- Config SSL
- Test SSL
- Renew Auto
Installation Steps
1. Install Repo
yum install epel-release -y
2. Update Server
yum update -y
yum install nano perl wget -y
3. Install Certbot
yum install python-certbot-nginx
4. Install SSL
certbot --nginx -d lemp.hendro-wibiksono.web.id -d www.lemp.hendro-wibiksono.web.id
– Enter an email address
Enter email address (used for urgent renewal and security notices) (Enter ‘c’ to
cancel): admin@lemp.hendro-wibiksono.web.id
– Agree to the TOS
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
(Y)es/(N)o: Y
– Choose N
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let’s Encrypt project and the non-profit
organization that develops Certbot? We’d like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
(Y)es/(N)o: N
– The SSL certificate starts being issued
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for lemp.hendro-wibiksono.web.id
http-01 challenge for www.lemp.hendro-wibiksono.web.id
Waiting for verification…
– Deploying it to the config
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/lemp.hendro-wibiksono.web.id.conf
Deploying Certificate to VirtualHost /etc/nginx/sites-enabled/lemp.hendro-wibiksono.web.id.conf
– HTTP to HTTPS
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
– SSL is now installed
Congratulations! You have successfully enabled https://lemp.hendro-wibiksono.web.id and
https://www.lemp.hendro-wibiksono.web.id
5. Check the SSL Config
nano /etc/nginx/sites-enabled/lemp.hendro-wibiksono.web.id.conf
6. Test SSL
Access the site in a browser and test it via SSLLabs.com.
7. Renew the SSL Certificate Automatically
crontab -e
00 1 * * * /usr/bin/certbot renew --quiet
8. Check Certbot certificate expiry status
sudo certbot certificates
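Steps 7 and 8 can be tied together with a small check, added here as an example that is not part of the original article: since certbot renew only acts on certificates with fewer than 30 days left, a certificate showing well under that means the cron job is not doing its work. The function name, the 21-day threshold, the sample data and the exact output layout it parses are assumptions.

```shell
#!/usr/bin/env bash
# Added example (not from the original article): flag certificates that the
# daily "certbot renew" cron job should already have renewed.

# certs_expiring_within <days>
# Reads "certbot certificates" output on stdin and prints "<name> <days-left>"
# for each certificate with fewer than <days> days left. Validity given in
# hours counts as 0; expired/invalid certificates are reported as -1.
# Returns 1 if anything was flagged, 0 otherwise.
certs_expiring_within() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            days = -1
            if (match($0, /\(VALID: [0-9]+ day/)) {
                s = substr($0, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", s)
                days = s + 0
            } else if ($0 ~ /\(VALID: [0-9]+ hour/) {
                days = 0
            }
            if (days < limit) { print name, days; flagged = 1 }
        }
        END { exit (flagged ? 1 : 0) }
    '
}

# Constructed sample in the layout "certbot certificates" is assumed to print.
sample_certbot_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: lemp.hendro-wibiksono.web.id
    Domains: lemp.hendro-wibiksono.web.id www.lemp.hendro-wibiksono.web.id
    Expiry Date: 2030-03-01 01:00:00+00:00 (VALID: 74 days)
  Certificate Name: stale.example.org
    Domains: stale.example.org
    Expiry Date: 2029-12-29 01:00:00+00:00 (VALID: 12 days)
  Certificate Name: expired.example.org
    Domains: expired.example.org
    Expiry Date: 2029-11-20 01:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# Demo on the sample; on a server: certbot certificates | certs_expiring_within 21
sample_certbot_output | certs_expiring_within 21 || true
```

Because the function returns non-zero when something is flagged, it can run from its own cron entry so that cron mails the flagged names to the administrator.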