
Before creating a Let’s Encrypt certificate, first set up the virtual host for your domain. Here I use Apache as the web server, and you need a domain name bought from a domain registrar. Once all of that is ready, the next step is to install the certbot Apache package:
sudo apt install certbot python3-certbot-apache -y
After completing the step above, the next step is to create the SSL certificate from Let’s Encrypt:
sudo certbot --apache
This command will prompt you to answer a series of questions to configure your SSL certificate. Follow the prompts as they appear, for example:
First, it will ask you for a valid email address. This email will be used for renewal notifications and security notices:
Output
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
(Enter 'c' to cancel): admin@gmail.com
After providing a valid email address, press ENTER to proceed to the next step. You will then be prompted to confirm if you agree to Let’s Encrypt terms of service. You can confirm by pressing Y and then ENTER:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Next, you’ll be asked if you would like to share your email with the Electronic Frontier Foundation to receive news and other information. If you do not want to subscribe to their content, write N. Otherwise, write Y then press ENTER to proceed to the next step:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
The next step will prompt you to inform Certbot of which domains you’d like to activate HTTPS for. The listed domain names are automatically obtained from your Apache virtual host configuration, so it’s important to make sure you have the correct ServerName and ServerAlias settings configured in your virtual host. If you’d like to enable HTTPS for all listed domain names (recommended), you can leave the prompt blank and press ENTER to proceed. Otherwise, select the domains you want to enable HTTPS for by listing each appropriate number, separated by commas and/or spaces, then press ENTER:
Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: lemabang.com
2: www.lemabang.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): Enter
Note:
Replace the email admin@gmail.com with your own email address.
To check the status of the certbot.timer service and make sure it is active and running, you can use:
sudo systemctl status certbot.timer
The output will look like this:
● certbot.timer - Run certbot twice daily
     Loaded: loaded (/usr/lib/systemd/system/certbot.timer; enabled; preset: enabled)
     Active: active (waiting) since Sat 2024-06-15 07:02:41 WIB; 3 days ago
    Trigger: Tue 2024-06-18 07:27:39 WIB; 18min left
   Triggers: ● certbot.service

Jun 15 07:02:41 mail systemd[1]: Started certbot.timer - Run certbot twice daily.
The next step is to test certificate renewal to confirm that it works:
sudo certbot renew --dry-run
The output will look like this:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/lemabang.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for lemabang.com and 3 more domains
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
  /etc/letsencrypt/live/lemabang.com/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
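A dry run only helps if someone reads its result. The following added example (not part of the original post) turns the per-certificate result lines into an exit status a monitoring job can act on. The function names, the sample output and the second certificate shop.lemabang.com are assumptions made for illustration, as is the "(failure)" line, which is taken to mirror the "(success)" line shown above.

```shell
#!/bin/sh
# Added example: report which certificates a `certbot renew --dry-run` run
# marked as success or failure. Result lines are assumed to look like
#   /etc/letsencrypt/live/<name>/fullchain.pem (success|failure)

# Constructed sample (not captured from a real host). shop.lemabang.com is a
# hypothetical second certificate used to show a failed renewal.
SAMPLE_OUTPUT='Saving debug log to /var/log/letsencrypt/letsencrypt.log
Processing /etc/letsencrypt/renewal/lemabang.com.conf
Processing /etc/letsencrypt/renewal/shop.lemabang.com.conf
The following simulated renewals succeeded:
  /etc/letsencrypt/live/lemabang.com/fullchain.pem (success)
The following simulated renewals failed:
  /etc/letsencrypt/live/shop.lemabang.com/fullchain.pem (failure)'

# Print the certificate names whose result equals $1 (success or failure),
# reading certbot output on stdin.
lineages_with_status() {
    sed -n "s|^[[:space:]]*/etc/letsencrypt/live/\([^/]*\)/fullchain\.pem ($1)[[:space:]]*\$|\1|p"
}

# Read certbot output on stdin. Returns 1 if any certificate failed,
# 2 if no result line was found at all, 0 otherwise.
check_dry_run() {
    output=$(cat)
    failed=$(printf '%s\n' "$output" | lineages_with_status failure)
    ok=$(printf '%s\n' "$output" | lineages_with_status success)
    if [ -n "$failed" ]; then
        # $failed is left unquoted on purpose: one message per certificate.
        printf 'renewal would FAIL for: %s\n' $failed >&2
        return 1
    fi
    if [ -z "$ok" ]; then
        echo 'no renewal results found in certbot output' >&2
        return 2
    fi
    return 0
}

# Demo on the constructed sample. Real use:
#   sudo certbot renew --dry-run 2>&1 | check_dry_run
printf '%s\n' "$SAMPLE_OUTPUT" | check_dry_run || echo "exit status: $?"
```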
If you have several certificates for different domains and want to renew one specific certificate, use:
certbot certonly --force-renew -d lemabang.com
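Once everything works, the next step is to create a cron job so the certificate is renewed automatically:
sudo crontab -e
When asked to choose an editor, pick option 1 (the one labelled nano), then add this line:
0 */12 * * * test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --renew-hook "systemctl reload apache2"
Because sudo crontab -e edits root's own crontab, the line has no user field after the schedule; a user name such as root in that position belongs only in /etc/crontab and /etc/cron.d files. The test \! -d /run/systemd/system makes the job skip hosts running systemd, where certbot.timer already performs the renewal.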