Cara Install SSL di Apache

Artikel ini saya akan membahas tentang cara kita bagaimana install atau pasang SSL di Apache menggunakan Let’s Enrcrypt, karena belakangan ini saya beberapa kali melakukan installasi SSL menggunakan Let’s Enrcypt entah itu Nginx maupun Apache dan juga entah itu di ubuntu atau Centos server.

Hal hal yang perlu di perhatikan sebelum install SSL di Apache :

  • Pastikan subdomain yang akan di generate SSL sudah resolved A recordnya.
  • Saya sarankan untuk menggunakan metode virtual host / conf di Apache create sendiri , silahkan klik link berikut ini.

Cara Install SSL menggunakan Let’s Encrypt di Apache :

Step 1 – Install CertBot

Install Certbot dan apache plugin :

$sudo apt install certbot python3-certbot-apache

Step 2 – Configuration Apache VHost

  • Lakukan pengecekan pada configuration cond kita di file .conf
$sudo nano /etc/apache2/sites-available/example.conf
  • Pastikan server_namenya benar subdomain / domain yang digunakan, jika lebih dari 1 domain tinggal tambahkan dengan spasi.
...
ServerName example.com
ServerAlias www.example.com app.example.com
...
  • Testing conf apache
$sudo apache2ctl configtest
  • Reload apachenya
$sudo systemctl reload apache2
Step 3 – Obatining an SSL Certificate

Gunakan syntax plugin certbot dan tambahkan domain yang sudah kalian input di .conf Apache tadi

$ sudo certbot --apache -d example.com -d www.example.com -d app.example.com
atau
$ sudo certbot --apache
  • Certbot adalah syntax plugin --apache web server yang digunakan dan -d spesifikasi nama domain yang ada di .conf file apache kita.
Output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): you@example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: example.com
2: www.example.com
3. app.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):  ENTER 

NB : Jika kalian ingin memilih semua sub domain ter generate maka klik ENTER dan jika hanya satu sub domain saja maka input angkanya saja misal 1.

  • Pilih redirect secara otomatis, supaya saat user akan access ke http dia akan otomatis beralih ke https
Output
Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: No redirect - Make no further changes to the webserver configuration.
2: Redirect - Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-2] then [enter] (press 'c' to cancel): 2
  • Jika proses yang berjalan diatas sudah selesai maka akan ada notif seperti dibawah ini dan tandanya SSL berhasil terinstall di domain kita
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2020-08-18. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot again
   with the "certonly" option. To non-interactively renew *all* of
   your certificates, run "certbot renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Step 5 – Memverifikasi Perpanjangan Otomatis Certbot

  • Lakukan query status di certbot timer
$ sudo systemctl status certbot.timer
Outpu
● certbot.timer - Run certbot twice daily
     Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
     Active: active (waiting) since Mon 2020-05-04 20:04:36 UTC; 2 weeks 1 days ago
    Trigger: Thu 2020-05-21 05:22:32 UTC; 9h left
   Triggers: ● certbot.service
  • Renewal cerbot
$ sudo certbot renew --dry-run

Demikian artikel ini saya buat, selamat mencoba.

Leave a Reply

Your email address will not be published. Required fields are marked *