
Install Let’s Encrypt Wildcard Certificate Nginx & Apache

Install SSL Let’s Encrypt Wildcard. Let’s Encrypt is a free certificate authority that provides SSL/TLS certificates. Using SSL encrypts a website's services and traffic on the Internet. It helps minimize the risk of data being lost or stolen, because an SSL certificate installed on the server ensures a secure connection.

What is a wildcard domain? A wildcard domain covers all the subdomains that belong to a domain. Using a wildcard SSL certificate therefore reduces the installation work for the web server owner. Below is our documentation on how to install a Let’s Encrypt wildcard certificate on Nginx & Apache.
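The matching rule behind `*.example.com`, as an added example (not from the original page): the `*` stands for exactly one left-most label, so a certificate requested only for `*.example.com` covers `example.example.com` but neither the bare `example.com` nor a two-level name such as `www.ex.example.com`. The function names are illustrative; the host names are the ones used in the virtual hosts later on this page.

```shell
#!/bin/sh
# Added example: which host names does a certificate name cover?
# A leading "*." stands for exactly one DNS label (RFC 6125).

# cert_name_covers PATTERN HOST: exit 0 if HOST is covered, 1 otherwise.
cert_name_covers() {
    pattern=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    case "$pattern" in
        '*.'*)
            suffix=${pattern#\*}      # "*.example.com" -> ".example.com"
            case "$host" in
                *"$suffix") label=${host%"$suffix"} ;;
                *) return 1 ;;
            esac
            # What "*" replaced must be one non-empty label without dots.
            case "$label" in
                ''|*.*) return 1 ;;
                *) return 0 ;;
            esac
            ;;
        *)
            [ "$pattern" = "$host" ]
            ;;
    esac
}

# coverage_report HOST PATTERN...: prints "covered" if any PATTERN covers HOST.
coverage_report() {
    target=$1; shift
    for p in "$@"; do
        if cert_name_covers "$p" "$target"; then
            echo "covered"; return 0
        fi
    done
    echo "NOT covered"
}

# Host names from this page, checked against the single name requested.
for h in example.example.com ex.example.com www.ex.example.com example.com; do
    printf '%-22s %s\n' "$h" "$(coverage_report "$h" '*.example.com')"
done
```

To cover the bare domain as well, both names have to be on the certificate, which is what the second `coverage_report` argument list models.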


Step 1 – Install SSL Let’s Encrypt Wildcard Nginx

The following commands are used to install the wildcard SSL certificate on Nginx.

Install Certbot

Before installing, make sure to update the server system first:

apt update

Then install Certbot with the Nginx plugin using the following command:

apt install certbot python3-certbot-nginx

Generate the certificate. Run the following command to generate an SSL certificate for *.example.com (replace the e-mail address with your own):

certbot certonly \
  --agree-tos \
  --email your-email@example.com \
  --manual \
  --preferred-challenges=dns \
  -d '*.example.com' \
  --server https://acme-v02.api.letsencrypt.org/directory

Press Enter. A notice will appear saying that the IP address of this machine will be publicly logged and asking for your consent; choose “Yes”.


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Yes

Press Enter. You must now add the DNS TXT value to your DNS server so that Let’s Encrypt can verify your domain. This is the output asking you to deploy the DNS TXT record:

Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

Vcxj5B9qKpTupe7aPw9V7-rWuPFhK8J_92q_qtJHfxw

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Before continuing (“Continue”), make sure the DNS TXT record has been deployed to the DNS server; the record's value must be the string Certbot printed for your request. This is how the record looks once it has been deployed to the DNS server:

_acme-challenge.example.com    IN      TXT     "e80Zxtsdkifhiadsjhkadksalkdeo2Oxco1o"

To confirm that the record is registered in DNS, use the following command:

nslookup -type=TXT _acme-challenge.example.com localhost

Output on success:

Server:         localhost
Address:        127.0.0.1#53

_acme-challenge.example    text = "e80Zxtsdkifhiadsjhkadksalkdeo2Oxco1o"

Once the record is verified, you can continue and you will receive the SSL certificate:

IMPORTANT NOTES: 
- Congratulations! Your certificate and chain have been saved at: 
  /etc/letsencrypt/live/example.com/fullchain.pem 
  Your key file has been saved at: 
  /etc/letsencrypt/live/example.com/privkey.pem 
  Your cert will expire on 2022-02-15. To obtain a new or tweaked 
  version of this certificate in the future, simply run certbot 
  again. To non-interactively renew *all* of your certificates, run 
  "certbot renew" 
- If you like Certbot, please consider supporting our work by: 

  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate 
  Donating to EFF:                    https://eff.org/donate-le

The certificate is located in the directory /etc/letsencrypt/live/example.com/

drwxr-xr-x 2 root root 4096 Feb 14 18:35 .
drwx------ 3 root root 4096 Feb 14 18:35 ..
lrwxrwxrwx 1 root root 44 Feb 14 18:35 cert.pem -> ../../archive/example.com/cert1.pem
lrwxrwxrwx 1 root root 45 Feb 14 18:35 chain.pem -> ../../archive/example.com/chain1.pem
lrwxrwxrwx 1 root root 49 Feb 14 18:35 fullchain.pem -> ../../archive/example.com/fullchain1.pem
lrwxrwxrwx 1 root root 47 Feb 14 18:35 privkey.pem -> ../../archive/example.com/privkey1.pem
-rw-r--r-- 1 root root 682 Feb 14 18:35 README

Configuring Nginx WebServer SSL Let’s Encrypt (Install SSL Let’s Encrypt Wildcard)

Now that you have the Let’s Encrypt wildcard certificate, set it up in the Nginx web server. We need to edit the Nginx virtual host file.

/etc/nginx/conf.d/example.com.conf

Copy the following configuration; you only need to add the SSL lines. Remember to adjust the subdomain to the one you use; here we use example.example.com as the example.

server {
    listen 80;
    server_name example.example.com;

    # Redirect all plain-HTTP requests to HTTPS
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name example.example.com;

    # Wildcard certificate (with chain) and private key issued by Certbot
    ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    access_log /var/log/nginx/example.example.com_access.log;
    error_log  /var/log/nginx/example.example.com_error.log;

    # These two files are installed by Certbot's nginx plugin; after
    # "certonly --manual" they may be missing, and "nginx -t" will then fail.
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /var/www/example.example.com;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}

Test Nginx to check whether the configuration you created works.

nginx -t

Output if it works:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok 
nginx: configuration file /etc/nginx/nginx.conf test is successful

If the test passes, restart the Nginx server:

systemctl restart nginx

Step 2 – Let’s Encrypt SSL Wildcard Apache2

The following commands are used to install the wildcard SSL certificate on Apache2.

Install Certbot

Before installing, make sure to update the server system first:

apt update

Then install Certbot with the Apache plugin using the following command:

apt install certbot python3-certbot-apache

Generate the certificate. Run the following command to generate an SSL certificate for *.example.com (replace the e-mail address with your own):

certbot certonly \
  --agree-tos \
  --email your-email@example.com \
  --manual \
  --preferred-challenges=dns \
  -d '*.example.com' \
  --server https://acme-v02.api.letsencrypt.org/directory

Press Enter. A notice will appear saying that the IP address of this machine will be publicly logged and asking for your consent; choose “Yes”.


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Yes

Press Enter. You must now add the DNS TXT value to your DNS server so that Let’s Encrypt can verify your domain. This is the output asking you to deploy the DNS TXT record:

Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

Vcxj5B9qKpTupe7aPw9V7-rWuPFhK8J_92q_qtJHfxw

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Before continuing (“Continue”), make sure the DNS TXT record has been deployed to the DNS server; the record's value must be the string Certbot printed for your request. This is how the record looks once it has been deployed to the DNS server:

_acme-challenge.example.com    IN      TXT     "e80Zxtsdkifhiadsjhkadksalkdeo2Oxco1o"

To confirm that the record is registered in DNS, use the following command:

nslookup -type=TXT _acme-challenge.example.com localhost

Output on success:

Server:         localhost
Address:        127.0.0.1#53

_acme-challenge.example    text = "e80Zxtsdkifhiadsjhkadksalkdeo2Oxco1o"

Once the record is verified, you can continue and you will receive the SSL certificate:

IMPORTANT NOTES: 
- Congratulations! Your certificate and chain have been saved at: 
  /etc/letsencrypt/live/example.com/fullchain.pem 
  Your key file has been saved at: 
  /etc/letsencrypt/live/example.com/privkey.pem 
  Your cert will expire on 2022-02-15. To obtain a new or tweaked 
  version of this certificate in the future, simply run certbot 
  again. To non-interactively renew *all* of your certificates, run 
  "certbot renew" 
- If you like Certbot, please consider supporting our work by: 

  Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate 
  Donating to EFF:                    https://eff.org/donate-le

The certificate is located in the directory /etc/letsencrypt/live/example.com/

drwxr-xr-x 2 root root 4096 Feb 14 18:35 .
drwx------ 3 root root 4096 Feb 14 18:35 ..
lrwxrwxrwx 1 root root 44 Feb 14 18:35 cert.pem -> ../../archive/example.com/cert1.pem
lrwxrwxrwx 1 root root 45 Feb 14 18:35 chain.pem -> ../../archive/example.com/chain1.pem
lrwxrwxrwx 1 root root 49 Feb 14 18:35 fullchain.pem -> ../../archive/example.com/fullchain1.pem
lrwxrwxrwx 1 root root 47 Feb 14 18:35 privkey.pem -> ../../archive/example.com/privkey1.pem
-rw-r--r-- 1 root root 682 Feb 14 18:35 README
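
A check for the TXT verification step in Step 1 and Step 2, as an added example (not from the original page): Let’s Encrypt validates against the domain's authoritative name servers, so this script queries each of them instead of only `localhost`, and first rejects values that cannot be a dns-01 token (for example one pasted with its quotes). It assumes `dig` is installed; the function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes `dig` is installed.

# is_dns01_value VALUE: a dns-01 TXT value is the base64url-encoded SHA-256
# digest of the key authorization without padding, i.e. exactly 43
# characters from A-Z a-z 0-9 "_" "-".
is_dns01_value() {
    [ "${#1}" -eq 43 ] || return 1
    case "$1" in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# txt_answer_has VALUE DIG_OUTPUT: true if one line of `dig +short TXT`
# output (one quoted string per record) equals VALUE exactly.
txt_answer_has() {
    printf '%s\n' "$2" | sed 's/^"//; s/"$//' | grep -Fxq -- "$1"
}

# check_txt_everywhere DOMAIN VALUE: ask every authoritative name server of
# DOMAIN for _acme-challenge.DOMAIN. Returns 0 only if all of them serve VALUE.
check_txt_everywhere() {
    is_dns01_value "$2" || { echo "not a dns-01 value: $2" >&2; return 2; }
    servers=$(dig +short NS "$1")
    [ -n "$servers" ] || { echo "no NS records found for $1" >&2; return 2; }
    rc=0
    for ns in $servers; do
        answer=$(dig +short TXT "_acme-challenge.$1" "@$ns")
        if txt_answer_has "$2" "$answer"; then
            echo "ok       $ns"
        else
            echo "MISSING  $ns"; rc=1
        fi
    done
    return "$rc"
}

# Run only when called as: sh check-acme-txt.sh example.com <value-from-certbot>
if [ "$#" -eq 2 ]; then
    check_txt_everywhere "$1" "$2"
fi
```

Press Enter in Certbot only after every name server reports `ok`; a failed validation counts against Let’s Encrypt's rate limits.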

Configuring Apache2 WebServer SSL Let’s Encrypt

The Apache2 web server configuration is the same as for Nginx; only the file location differs. Here is the Apache2 web server configuration:

/etc/apache2/sites-available/example.com.conf

Add the following lines to the virtual host file example.com.conf:

SSLCertificateFile      /etc/letsencrypt/live/example.com/cert.pem
SSLCertificateKeyFile   /etc/letsencrypt/live/example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

This is how the web server virtual host looks once it has been configured:

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName ex.example.com
        ServerAlias www.ex.example.com
        ServerAdmin webmaster@localhost

        DocumentRoot /var/www/html/
        Alias /public "/var/www/html"

        <Directory /var/www/html/>
            AllowOverride All
            Options Indexes FollowSymLinks MultiViews
            # Apache 2.4 form of "Order allow,deny" / "Allow from all"
            Require all granted
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        SSLEngine on

        # Server certificate, private key and intermediate chain.
        # chain.pem holds only the intermediates; fullchain.pem would
        # repeat the server certificate already given in cert.pem.
        SSLCertificateFile      /etc/letsencrypt/live/example.com/cert.pem
        SSLCertificateKeyFile   /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
    </VirtualHost>
</IfModule>

Then restart the Apache2 web server:

systemctl restart apache2

Thank you for following this documentation on the Let’s Encrypt wildcard SSL certificate for Nginx & Apache. We hope you enjoy it and apply it successfully 🙂
