Search for:

BLOG IT SYSADMIN

Daftar akun digitalocean untuk mendapatkan free credit 100$.
DigitalOcean Referral Badge

Apakah bisa SSL terinstall gratis dan seumur hidup?

Jawabannya bisa, karena sudah ada SSL gratis yang disediakan oleh Provider SSL Lets Encrypt. Caranya gampang, anda perlu install Apache, di Ubuntu Server 20.04 nya dan buat virtual host domain/subdomain anda contohnya disini saya menggunakan subdomain ssl.alvianaufan.my.id.



  1. Buat file .conf untuk setting virtual hostnya:
    nano /etc/apache2/conf-enable/vhost.conf

    – Lalu masukkan code berikut:

    <VirtualHost *:80>
    ServerAdmin webmaster@alvianaufan.my.id
    DocumentRoot "/var/www/html"
    ServerName ssl.alvianaufan.my.id
    ServerAlias www.ssl.alvianaufan.my.id
    ErrorLog /etc/apache2/error.log
    CustomLog /etc/apache2/access.log common
    </VirtualHost>

    – Save dan exit.

  2. Pastikan untuk subdomain ssl.alvianaufan.my.id dan alias www.ssl.alvianaufan.my.id sudah mengarah ke alamat IP Apache Server nya. Bisa setting melalui panel nameserver domain utamanya ya. Contohnya disini saya menggunakan panel nameserver cloudflare:cloudflare ssl alvianaufan
  3. Setelah itu install certbot python3 melalui console server.
    apt install certbot python3-certbot-apache
  4. Jalankan generate SSL nya menggunakan command certbot:
    certbot --apache -d ssl.alvianaufan.my.id -d www.ssl.alvianaufan.my.id
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache
    Obtaining a new certificate
    Performing the following challenges:
    http-01 challenge for ssl.alvianaufan.my.id
    http-01 challenge for www.ssl.alvianaufan.my.id
    Waiting for verification...
    Cleaning up challenges
    Created an SSL vhost at /etc/apache2/conf-enabled/vhost-le-ssl.conf
    Deploying Certificate to VirtualHost /etc/apache2/conf-enabled/vhost-le-ssl.conf
    Deploying Certificate to VirtualHost /etc/apache2/conf-enabled/vhost-le-ssl.conf
    
    Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    1: No redirect - Make no further changes to the webserver configuration.
    2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
    new sites, or if you're confident your site works on HTTPS. You can undo this
    change by editing your web server's configuration.
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
    
    Redirecting vhost in /etc/apache2/conf-enabled/vhost.conf to ssl vhost in /etc/apache2/conf-enabled/vhost-le-ssl.conf
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Congratulations! You have successfully enabled https://ssl.alvianaufan.my.id and
    https://www.ssl.alvianaufan.my.id
    
    You should test your configuration at:
    https://www.ssllabs.com/ssltest/analyze.html?d=ssl.alvianaufan.my.id
    https://www.ssllabs.com/ssltest/analyze.html?d=www.ssl.alvianaufan.my.id
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    
    IMPORTANT NOTES:
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/ssl.alvianaufan.my.id/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/ssl.alvianaufan.my.id/privkey.pem
       Your cert will expire on 2022-04-06. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot again
       with the "certonly" option. To non-interactively renew *all* of
       your certificates, run "certbot renew"
     - If you like Certbot, please consider supporting our work by:
    
       Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
       Donating to EFF:                    https://eff.org/donate-le
  5. Jika sudah silahkan cek akses subdomain nya melalui browser.ssl success
    – SSL sudah berhasil aktif dan pada keterangan periode aktif nya hanya 3 bulan. Dan setelah 3 Bulan maka certbot akan menjalankan generate SSL baru secara otomatis.
  6. Pastikan status certbot.timer nya aktif, agar auto generate ssl nya dapat berjalan dengan sendirinya.
    systemctl status certbot.timer
    ● certbot.timer - Run certbot twice daily
         Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
         Active: active (waiting) since Tue 2021-12-21 08:12:12 WIB; 2 weeks 2 days ago
        Trigger: Fri 2022-01-07 09:38:38 WIB; 7h left
       Triggers: ● certbot.service
    
    Dec 21 08:12:12 ubuntu-s-1vcpu-2gb-sgp1-01 systemd[1]: Started Run certbot twice daily.

 

Demikian cara install SSL Gratis di Apache, Ubuntu Server 20.04. Silahkan bila ada yang ingin bertanya atau menemui kendala bisa tulis di kolom komentar ya 🙂



3 Comments

Write A Comment