Sunday, October 27, 2024
Debian Linux Mint Nginx SSL Ubuntu

Cara Install Let’s Encrypt dengan Nginx di Ubuntu 20.04 / Debian 11 / Linux Mint

Encrypt

“Cara Install Let’s Encrypt dengan Nginx di Ubuntu 20.04 / Debian 11 / Linux Mint”

Pendahuluan

Let’s Encrypt adalah otoritas sertifikat gratis, otomatis, dan terbuka yang dikembangkan oleh Internet Security Research Group (ISRG) yang menyediakan sertifikat SSL gratis. Sertifikat yang dikeluarkan oleh Let’s Encrypt dipercaya oleh semua browser utama dan berlaku selama 90 hari sejak tanggal penerbitan.

Persyaratan

Install Cerbot

sudo apt update
sudo apt install certbot

Generate SSL

sudo openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048

Membuat Let’s Encrypt SSL certificate

  • Buat direktori
sudo mkdir -p /var/lib/letsencrypt/.well-known
sudo chgrp www-data /var/lib/letsencrypt
sudo chmod g+s /var/lib/letsencrypt
  • Buat konfigurasi
sudo nano /etc/nginx/snippets/letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
  allow all;
  root /var/lib/letsencrypt/;
  default_type "text/plain";
  try_files $uri =404;
}
sudo nano /etc/nginx/snippets/ssl.conf
ssl_dhparam /etc/ssl/certs/dhparam.pem;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 30s;

add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
sudo nano /etc/nginx/sites-available/example.com.conf
server {
  listen 80;
  server_name example.com www.example.com;

  include snippets/letsencrypt.conf;
}
  • Buat Symlink
sudo ln -s /etc/nginx/sites-available/example.com.conf /etc/nginx/sites-enabled/
  • Restart service
sudo systemctl restart nginx
  • jalankan cerbot untuk SSL domain
sudo certbot certonly --agree-tos --email admin@example.com --webroot -w /var/lib/letsencrypt/ -d example.com -d www.example.com
  • Edit file config
sudo nano /etc/nginx/sites-available/example.com.conf
server {
    listen 80;
    server_name www.example.com example.com;

    include snippets/letsencrypt.conf;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
    include snippets/ssl.conf;
    include snippets/letsencrypt.conf;

    # . . . other code
}
  • Restart service
sudo systemctl reload nginx

Auto-renewing Let’s Encrypt SSL certificate

  • tambahkan cron
sudo nano /etc/letsencrypt/cli.ini
deploy-hook = systemctl reload nginx
  • test cron
sudo certbot renew --dry-run

Penutup

Sahabat Blog Learning & Doing demikianlah penjelasan mengenai Cara Install Let’s Encrypt dengan Nginx di Ubuntu 20.04 / Debian 11 / Linux Mint. Semoga Bermanfaat . Sampai ketemu lagi di postingan berikut nya.

(Visited 356 times, 1 visits today)

Similar Posts