Free SSL from Letsencrypt.org


I've known about it for a long time, I just don't understand how to install it..
As far as I know, Let's Encrypt is also a program supported by Mr. Zuck.

Just try following the documentation: https://letsencrypt.org/howitworks/
These are the steps I took when installing and configuring it on my CentOS 7 VPS:
Note:
  • CentOS 7 64 bit minimal installation
  • The only service installed is Apache
  • The configuration is done in Apache's default configuration and its home directory

Make sure the CentOS server already has git and the EPEL repository. If not, install them first:
# yum install git
# yum install epel-release
# yum install mod_ssl

Download the letsencrypt files:
# git clone https://github.com/letsencrypt/letsencrypt

Install letsencrypt:
# cd letsencrypt
# ./letsencrypt-auto --help

Once that is done, here I will install a certificate for the domain enzu02.linboxs.net using the following command:
# ./letsencrypt-auto certonly --webroot -w /var/www/html -d enzu02.linboxs.net

A screen like the following will appear; then enter our email address for letsencrypt recovery purposes:
letsencrypt01.PNG

Press Enter to continue the process
letsencrypt02.PNG

After the process finishes, a notification like the following will appear:

IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/enzu02.linboxs.net/fullchain.pem. Your cert
will expire on 2016-04-01. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

The certificate files will be saved in:
/etc/letsencrypt/live/enzu02.linboxs.net/

Edit the ssl.conf file:
# vim /etc/httpd/conf.d/ssl.conf

Change the paths of SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile as follows:
SSLCertificateFile /etc/letsencrypt/live/enzu02.linboxs.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/enzu02.linboxs.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/enzu02.linboxs.net/chain.pem

After that, restart the Apache service:
# systemctl restart httpd

Check in the browser whether SSL is detected, as in the following image:
letsencrypt03.PNG

If the browser shows a result like the image above, it means our domain is now encrypted using Letsencrypt SSL.

Although it is free, this Letsencrypt SSL is only valid for 3 months; once it expires we have to renew the certificate again. Hopefully this is useful.
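
Added example, not part of the original post: a shell check for the files the post points ssl.conf at, covering the 3-month validity mentioned above, whether cert.pem and privkey.pem belong together, and whether the private key is readable by other users. The function names and the 30-day renewal threshold are assumptions.

```shell
#!/bin/sh
# Added example: checks for a Let's Encrypt "live" directory before
# restarting Apache. Function names and the 30-day default are assumptions.

# Exit 0 when cert and private key hold the same public key, 1 when they
# differ, 2 when either file cannot be parsed.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 when the certificate expires within $2 days (or cannot be read),
# i.e. renewal is due. -checkend itself exits 0 while the cert stays valid.
cert_needs_renewal() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Exit 0 when the key file (symlinks followed) grants nothing to group/others.
key_is_private() {
    mode=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# Run all checks on a directory such as /etc/letsencrypt/live/<domain>/.
# Prints one line per problem and returns non-zero if any check failed.
check_live_dir() {
    dir=$1; days=${2:-30}; rc=0
    if ! cert_key_match "$dir/cert.pem" "$dir/privkey.pem"; then
        echo "KEY: cert.pem and privkey.pem do not match or cannot be parsed"; rc=1
    fi
    if ! key_is_private "$dir/privkey.pem"; then
        echo "PERMS: privkey.pem is accessible to group or others"; rc=1
    fi
    if cert_needs_renewal "$dir/cert.pem" "$days"; then
        echo "RENEW: cert.pem expires within $days days"; rc=1
    fi
    return $rc
}

# Stand-alone use: sh check.sh /etc/letsencrypt/live/<domain> [days]
if [ $# -gt 0 ]; then check_live_dir "$@"; fi
```

Run from cron with the live directory as the first argument; a non-zero exit means the certificate, key or permissions need attention before the next Apache restart.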
 
The easiest way is to use acme-tiny. With a little bash script from here: https://gist.github.com/deanet/4754b3c2497e39669f17 , you can be using Letsencrypt SSL within minutes :)

Code:
root@djaja:~# bash -x gen-le-ssl.sh
+ '[' -d ./acme-tiny ']'
+ mkdir ./acme-tiny
+ curl https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9150  100  9150    0     0  37979      0 --:--:-- --:--:-- --:--:-- 47409
+ echo -n 'Enter DN or FQDN: '
Enter DN or FQDN: + read domain
www.abc.com
+ echo -n 'Enter Full Path www: '
Enter Full Path www: + read fullpath
/srv/st
+ echo www.abc.com
www.abc.com
+ echo /srv/st
/srv/st
+ rm -rf www.abc.com
+ echo 'mkdir working directory...'
mkdir working directory...
+ mkdir www.abc.com
++ pwd
+ workdir=/root/www.abc.com/
+ echo 'generate account key for www.abc.com ..'
generate account key for www.abc.com ..
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
.........................................................................................................................................................................................++
........................................................................................++
e is 65537 (0x10001)
+ echo 'generate domain private key....'
generate domain private key....
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
................................................++
...........................++
e is 65537 (0x10001)
+ echo 'generate csr..'
generate csr..
+ openssl req -new -sha256 -key /root/www.abc.com//www.abc.com.key -subj /CN=www.abc.com
+ echo 'create directory acmi at /srv/st..'
create directory acmi at /srv/st..
+ mkdir -p /srv/st/.well-known/acme-challenge
+ echo 'create file verification at /srv/st/.well-known/acme-challenge/..'
create file verification at /srv/st/.well-known/acme-challenge/..
+ echo 'Get a signed certificate..'
Get a signed certificate..
+ python acme-tiny/acme_tiny.py --account-key /root/www.abc.com//www.abc.com_account.key --csr /root/www.abc.com//www.abc.com.csr --acme-dir /srv/st/.well-known/acme-challenge/
Parsing account key...
Parsing CSR...
Registering account...
Registered! 
Verifying www.abc.com...
www.abc.com verified!
Signing certificate...
Certificate signed!
+ wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
--2016-01-06 03:07:05--  https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
Resolving letsencrypt.org (letsencrypt.org)... 23.195.140.215, 2a02:26f0:b7:188::2a1f, 2a02:26f0:b7:187::2a1f
Connecting to letsencrypt.org (letsencrypt.org)|23.195.140.215|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1675 (1.6K) [application/x-x509-ca-cert]
Saving to: `STDOUT'

100%[==============================================================================================================================>] 1,675       --.-K/s   in 0s

2016-01-06 03:07:08 (19.1 MB/s) - written to stdout [1675/1675]

+ cat /root/www.abc.com//signed.crt /root/www.abc.com//intermediate.pem
+ echo 'File www.abc.com/chained.crt = Signed + Intermediate Cert'
File www.abc.com/chained.crt = Signed + Intermediate Cert
+ echo 'File www.abc.com/signed.crt = Signed Cert'
File www.abc.com/signed.crt = Signed Cert
+ echo 'File www.abc.com/www.abc.com.key = Private key'
File www.abc.com/www.abc.com.key = Private key
root@djaja:~#
 
Thanks for the info, mas
 
BTW sir, would it work on CentOS 6.7 x86_64 KVM? Sorry in advance, this is just how I am, sir, hehe...