SSL Gratis dari Letsencrypt.org


Status
Not open for further replies.

.Ghost.

Beginner 2.0
saya tau udah lama, cuma ga ngerti cara installnya..
Let's Enscrypt juga setahu saya program yang di dukung om Zuck.

Coba ikutin dokumentasi nya aja : https://letsencrypt.org/howitworks/
Kalau ini langkah-langkah saya ketika installasi dan konfigurasi di VPS Centos 7 saya:
Note:
  • CentOS 7 64 bit minimal installation
  • Service yang terinstall cm ada apache
  • Konfigurasinya di lakukan di konfigurasi default apache dan home direktori nya

Pastikan server CentOS sudah mempunyai git dan repositori epel. Kalau belum install terlebih dahulu:
# yum install git
# yum install epel-release
# yum install mod_ssl

Download file letsencrypt:
# git clone https://github.com/letsencrypt/letsencrypt[/code]

Installasi letsencrypt:
# cd letsencrypt
# ./letsencrypt-auto --help

Setelah selesai, disini saya akan melakukan installasi sertifikat untuk domain enzu02.linboxs.net menggunakan command berikut:
]# ./letsencrypt-auto certonly --webroot -w /var/www/html -d enzu02.linboxs.net

Nanti akan muncul tampilan seperti berikut kemudian masukkan alamat email kita untuk kebutuhan recovery letsencrypt:
letsencrypt01.PNG

Tekan Enter untuk melanjutkan proses nya
letsencrypt02.PNG

Setelah proses selesai akan muncul notifikasi seperti berikut:

IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/enzu02.linboxs.net/fullchain.pem. Your cert
will expire on 2016-04-01. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

File sertifikat akan tersimpan di :
/etc/letsencrypt/live/enzu02.linboxs.net/

Edit file ssl.conf:
# vim /etc/httpd/conf.d/ssl.conf

Rubah letak file SSLCertificateFile, SSLCertificateKeyFile dan SSLCertificateChainFile seperti berikut:
SSLCertificateFile /etc/letsencrypt/live/enzu02.linboxs.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/enzu02.linboxs.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/enzu02.linboxs.net/chain.pem

Setelah itu restart service apache nya:
# systemctl restart httpd

Cek di browser apakah SSL sudah terdeteksi di browser seperti gambar berikut:
letsencrypt03.PNG

Kalau hasil di browser sudah menampilkan seperti gambar di atas artinya domain kita sudah terenkripsi menggunakan SSL Letsencrypt.

Meski gratis SSL Letsencrypt ini hanya valid selama 3 bulan, kalau sudah habis maka kita harus renewal sertifikat lagi. Mudah2an bermanfaat.
 

paijo2

Apprentice 1.0
Coba ikutin dokumentasi nya aja : https://letsencrypt.org/howitworks/
Kalau ini langkah-langkah saya ketika installasi dan konfigurasi di VPS Centos 7 saya:
Note:
  • CentOS 7 64 bit minimal installation
  • Service yang terinstall cm ada apache
  • Konfigurasinya di lakukan di konfigurasi default apache dan home direktori nya

Pastikan server CentOS sudah mempunyai git dan repositori epel. Kalau belum install terlebih dahulu:
# yum install git
# yum install epel-release
# yum install mod_ssl

Download file letsencrypt:
# git clone https://github.com/letsencrypt/letsencrypt[/code]

Installasi letsencrypt:
# cd letsencrypt
# ./letsencrypt-auto --help

Setelah selesai, disini saya akan melakukan installasi sertifikat untuk domain enzu02.linboxs.net menggunakan command berikut:
]# ./letsencrypt-auto certonly --webroot -w /var/www/html -d enzu02.linboxs.net

Nanti akan muncul tampilan seperti berikut kemudian masukkan alamat email kita untuk kebutuhan recovery letsencrypt:
View attachment 2010

Tekan Enter untuk melanjutkan proses nya
View attachment 2011

Setelah proses selesai akan muncul notifikasi seperti berikut:

IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/enzu02.linboxs.net/fullchain.pem. Your cert
will expire on 2016-04-01. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

File sertifikat akan tersimpan di :
/etc/letsencrypt/live/enzu02.linboxs.net/

Edit file ssl.conf:
# vim /etc/httpd/conf.d/ssl.conf

Rubah letak file SSLCertificateFile, SSLCertificateKeyFile dan SSLCertificateChainFile seperti berikut:
SSLCertificateFile /etc/letsencrypt/live/enzu02.linboxs.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/enzu02.linboxs.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/enzu02.linboxs.net/chain.pem

Setelah itu restart service apache nya:
# systemctl restart httpd

Cek di browser apakah SSL sudah terdeteksi di browser seperti gambar berikut:
View attachment 2012

Kalau hasil di browser sudah menampilkan seperti gambar di atas artinya domain kita sudah terenkripsi menggunakan SSL Letsencrypt.

Meski gratis SSL Letsencrypt ini hanya valid selama 3 bulan, kalau sudah habis maka kita harus renewal sertifikat lagi. Mudah2an bermanfaat.

paling mudah pakai acme-tiny . sedikit bash script dari sini: https://gist.github.com/deanet/4754b3c2497e39669f17 , dah bisa pakai SSL Letsencrypt dalam hitungan menit :)

Code:
root@djaja:~# bash -x gen-le-ssl.sh
+ '[' -d ./acme-tiny ']'
+ mkdir ./acme-tiny
+ curl https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9150  100  9150    0     0  37979      0 --:--:-- --:--:-- --:--:-- 47409
+ echo -n 'Enter DN or FQDN: '
Enter DN or FQDN: + read domain
www.abc.com
+ echo -n 'Enter Full Path www: '
Enter Full Path www: + read fullpath
/srv/st
+ echo www.abc.com
www.abc.com
+ echo /srv/st
/srv/st
+ rm -rf www.abc.com
+ echo 'mkdir working directory...'
mkdir working directory...
+ mkdir www.abc.com
++ pwd
+ workdir=/root/www.abc.com/
+ echo 'generate account key for www.abc.com ..'
generate account key for www.abc.com ..
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
.........................................................................................................................................................................................++
........................................................................................++
e is 65537 (0x10001)
+ echo 'generate domain private key....'
generate domain private key....
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
................................................++
...........................++
e is 65537 (0x10001)
+ echo 'generate csr..'
generate csr..
+ openssl req -new -sha256 -key /root/www.abc.com//www.abc.com.key -subj /CN=www.abc.com
+ echo 'create directory acmi at /srv/st..'
create directory acmi at /srv/st..
+ mkdir -p /srv/st/.well-known/acme-challenge
+ echo 'create file verification at /srv/st/.well-known/acme-challenge/..'
create file verification at /srv/st/.well-known/acme-challenge/..
+ echo 'Get a signed certificate..'
Get a signed certificate..
+ python acme-tiny/acme_tiny.py --account-key /root/www.abc.com//www.abc.com_account.key --csr /root/www.abc.com//www.abc.com.csr --acme-dir /srv/st/.well-known/acme-challenge/
Parsing account key...
Parsing CSR...
Registering account...
Registered! 
Verifying www.abc.com...
www.abc.com verified!
Signing certificate...
Certificate signed!
+ wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
--2016-01-06 03:07:05--  https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
Resolving letsencrypt.org (letsencrypt.org)... 23.195.140.215, 2a02:26f0:b7:188::2a1f, 2a02:26f0:b7:187::2a1f
Connecting to letsencrypt.org (letsencrypt.org)|23.195.140.215|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1675 (1.6K) [application/x-x509-ca-cert]
Saving to: `STDOUT'

100%[==============================================================================================================================>] 1,675       --.-K/s   in 0s

2016-01-06 03:07:08 (19.1 MB/s) - written to stdout [1675/1675]

+ cat /root/www.abc.com//signed.crt /root/www.abc.com//intermediate.pem
+ echo 'File www.abc.com/chained.crt = Signed + Intermediate Cert'
File www.abc.com/chained.crt = Signed + Intermediate Cert
+ echo 'File www.abc.com/signed.crt = Signed Cert'
File www.abc.com/signed.crt = Signed Cert
+ echo 'File www.abc.com/www.abc.com.key = Private key'
File www.abc.com/www.abc.com.key = Private key
root@djaja:~#
 

.Ghost.

Beginner 2.0
paling mudah pakai acme-tiny . sedikit bash script dari sini: https://gist.github.com/deanet/4754b3c2497e39669f17 , dah bisa pakai SSL Letsencrypt dalam hitungan menit :)

Code:
root@djaja:~# bash -x gen-le-ssl.sh
+ '[' -d ./acme-tiny ']'
+ mkdir ./acme-tiny
+ curl https://raw.githubusercontent.com/diafygi/acme-tiny/master/acme_tiny.py
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  9150  100  9150    0     0  37979      0 --:--:-- --:--:-- --:--:-- 47409
+ echo -n 'Enter DN or FQDN: '
Enter DN or FQDN: + read domain
www.abc.com
+ echo -n 'Enter Full Path www: '
Enter Full Path www: + read fullpath
/srv/st
+ echo www.abc.com
www.abc.com
+ echo /srv/st
/srv/st
+ rm -rf www.abc.com
+ echo 'mkdir working directory...'
mkdir working directory...
+ mkdir www.abc.com
++ pwd
+ workdir=/root/www.abc.com/
+ echo 'generate account key for www.abc.com ..'
generate account key for www.abc.com ..
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
.........................................................................................................................................................................................++
........................................................................................++
e is 65537 (0x10001)
+ echo 'generate domain private key....'
generate domain private key....
+ openssl genrsa 4096
Generating RSA private key, 4096 bit long modulus
................................................++
...........................++
e is 65537 (0x10001)
+ echo 'generate csr..'
generate csr..
+ openssl req -new -sha256 -key /root/www.abc.com//www.abc.com.key -subj /CN=www.abc.com
+ echo 'create directory acmi at /srv/st..'
create directory acmi at /srv/st..
+ mkdir -p /srv/st/.well-known/acme-challenge
+ echo 'create file verification at /srv/st/.well-known/acme-challenge/..'
create file verification at /srv/st/.well-known/acme-challenge/..
+ echo 'Get a signed certificate..'
Get a signed certificate..
+ python acme-tiny/acme_tiny.py --account-key /root/www.abc.com//www.abc.com_account.key --csr /root/www.abc.com//www.abc.com.csr --acme-dir /srv/st/.well-known/acme-challenge/
Parsing account key...
Parsing CSR...
Registering account...
Registered!
Verifying www.abc.com...
www.abc.com verified!
Signing certificate...
Certificate signed!
+ wget -O - https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
--2016-01-06 03:07:05--  https://letsencrypt.org/certs/lets-encrypt-x1-cross-signed.pem
Resolving letsencrypt.org (letsencrypt.org)... 23.195.140.215, 2a02:26f0:b7:188::2a1f, 2a02:26f0:b7:187::2a1f
Connecting to letsencrypt.org (letsencrypt.org)|23.195.140.215|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1675 (1.6K) [application/x-x509-ca-cert]
Saving to: `STDOUT'

100%[==============================================================================================================================>] 1,675       --.-K/s   in 0s

2016-01-06 03:07:08 (19.1 MB/s) - written to stdout [1675/1675]

+ cat /root/www.abc.com//signed.crt /root/www.abc.com//intermediate.pem
+ echo 'File www.abc.com/chained.crt = Signed + Intermediate Cert'
File www.abc.com/chained.crt = Signed + Intermediate Cert
+ echo 'File www.abc.com/signed.crt = Signed Cert'
File www.abc.com/signed.crt = Signed Cert
+ echo 'File www.abc.com/www.abc.com.key = Private key'
File www.abc.com/www.abc.com.key = Private key
root@djaja:~#

Terima kasih info nya mas :113:
 

brionz

Poster 1.0
Coba ikutin dokumentasi nya aja : https://letsencrypt.org/howitworks/
Kalau ini langkah-langkah saya ketika installasi dan konfigurasi di VPS Centos 7 saya:
Note:
  • CentOS 7 64 bit minimal installation
  • Service yang terinstall cm ada apache
  • Konfigurasinya di lakukan di konfigurasi default apache dan home direktori nya

Pastikan server CentOS sudah mempunyai git dan repositori epel. Kalau belum install terlebih dahulu:
# yum install git
# yum install epel-release
# yum install mod_ssl

Download file letsencrypt:
# git clone https://github.com/letsencrypt/letsencrypt[/code]

Installasi letsencrypt:
# cd letsencrypt
# ./letsencrypt-auto --help

Setelah selesai, disini saya akan melakukan installasi sertifikat untuk domain enzu02.linboxs.net menggunakan command berikut:
]# ./letsencrypt-auto certonly --webroot -w /var/www/html -d enzu02.linboxs.net

Nanti akan muncul tampilan seperti berikut kemudian masukkan alamat email kita untuk kebutuhan recovery letsencrypt:
View attachment 2010

Tekan Enter untuk melanjutkan proses nya
View attachment 2011

Setelah proses selesai akan muncul notifikasi seperti berikut:

IMPORTANT NOTES:
- If you lose your account credentials, you can recover through
e-mails sent to [email protected].
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/enzu02.linboxs.net/fullchain.pem. Your cert
will expire on 2016-04-01. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- Your account credentials have been saved in your Let's Encrypt
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Let's
Encrypt so making regular backups of this folder is ideal.
- If you like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

File sertifikat akan tersimpan di :
/etc/letsencrypt/live/enzu02.linboxs.net/

Edit file ssl.conf:
# vim /etc/httpd/conf.d/ssl.conf

Rubah letak file SSLCertificateFile, SSLCertificateKeyFile dan SSLCertificateChainFile seperti berikut:
SSLCertificateFile /etc/letsencrypt/live/enzu02.linboxs.net/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/enzu02.linboxs.net/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/enzu02.linboxs.net/chain.pem

Setelah itu restart service apache nya:
# systemctl restart httpd

Cek di browser apakah SSL sudah terdeteksi di browser seperti gambar berikut:
View attachment 2012

Kalau hasil di browser sudah menampilkan seperti gambar di atas artinya domain kita sudah terenkripsi menggunakan SSL Letsencrypt.

Meski gratis SSL Letsencrypt ini hanya valid selama 3 bulan, kalau sudah habis maka kita harus renewal sertifikat lagi. Mudah2an bermanfaat.

BTW tuan, kalo CENTOS 6.7 x86_64 kvm bisa kah?, maaf sebelumnya saya emang segini adanya tuan hehe...
 
Status
Not open for further replies.

Top