
Installing a Let's Encrypt Wildcard SSL Certificate on CentOS

A wildcard SSL certificate can be used for the main domain as well as for subdomains, so there is no need to generate a new key whenever a subdomain is added. The steps for installing a Let's Encrypt wildcard SSL certificate follow.

Generate the SSL Key

Install the required packages

yum install certbot python3-certbot-apache

Create the certificate for the domain. Make sure to use * as in the example *.namadomain.co.id, and quote the wildcard name so the shell passes it to certbot unchanged instead of treating * as a filename pattern.

certbot certonly --manual -d '*.namadomain.co.id' -d namadomain.co.id --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory

Please deploy a DNS TXT record under the name
_acme-challenge.mobilaku.co.id with the following value:
shZYsuuRcxQMimcOMR6wTQNjmt8PgKzYZ2Be4jJRo5Y

Add the TXT record in your own DNS management panel.
Name : _acme-challenge.mobilaku.co.id
Value : shZYsuuRcxQMimcOMR6wTQNjmt8PgKzYZ2Be4jJRo5Y

Normally, wait 5-10 minutes and then press Enter. You will then be asked to add a second DNS TXT record; handle it the same way as the first. If it succeeds, a message like the one below is displayed, along with the location where the key files are saved.

IMPORTANT NOTES:
Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/namadomain.co.id-0001/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/namadomain.co.id-0001/privkey.pem
Your cert will expire on 2020-11-25. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew all of your certificates, run
"certbot renew"
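
Both names in the certbot command are validated through the same record name, _acme-challenge.namadomain.co.id, so the second TXT value has to be added alongside the first, not in place of it. The script below is an added example, not part of the original tutorial, that checks that every expected value is published before Enter is pressed. The token values and sample dig output in it are constructed, and the live lookup assumes dig (package bind-utils) is installed.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): verify dns-01 TXT values
# before pressing Enter in certbot's manual prompt.

# dig +short prints each TXT value wrapped in double quotes; strip them.
normalize_txt() {
    tr -d '"' | sed 's/[[:space:]]*$//'
}

# txt_missing ANSWER EXPECTED...
# Prints every expected value absent from ANSWER; returns 0 only if none is missing.
txt_missing() {
    local answer="$1" missing=0 want
    shift
    for want in "$@"; do
        # -F literal match, -x whole line, -- because tokens may start with "-"
        if ! printf '%s\n' "$answer" | normalize_txt | grep -Fxq -- "$want"; then
            printf 'missing: %s\n' "$want"
            missing=1
        fi
    done
    return "$missing"
}

# check_challenge NAME EXPECTED...  (live lookup; assumes dig is installed)
check_challenge() {
    local name="$1"
    shift
    txt_missing "$(dig +short TXT "$name")" "$@"
}

# Constructed sample: both values published under the same name.
SAMPLE_BOTH='"CONSTRUCTED-token-wildcard"
"-CONSTRUCTED-token-base"'
# Constructed sample: the second value replaced the first.
SAMPLE_OVERWRITTEN='"-CONSTRUCTED-token-base"'

# Usage: ./check-txt.sh _acme-challenge.namadomain.co.id VALUE1 VALUE2
if [ "$#" -ge 2 ]; then
    check_challenge "$@"
fi
```

A non-zero exit status means at least one value is not visible yet, so wait and run the check again before continuing in certbot.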

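The certificate and key are only valid for a few months. To have them regenerated automatically, add the following command to the Linux crontab. Note that a certificate issued with --manual is renewed unattended only when an authentication hook script (--manual-auth-hook) that publishes the TXT record is configured; without one, the renewal has to be repeated by hand.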

certbot renew

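Configuring SSL in Nginx

Adjust the key file locations in the nginx configuration

# TLS 1.0 and 1.1 are deprecated (RFC 8996); allow only TLS 1.2 and 1.3.
# TLSv1.3 requires nginx 1.13.0 or later built with OpenSSL 1.1.1 or later.
ssl_protocols TLSv1.2 TLSv1.3;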
ssl_certificate /etc/letsencrypt/live/namadomain.co.id-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/namadomain.co.id-0001/privkey.pem;

Configuring SSL in Apache

For Apache, adjust the key file locations in the Apache virtual host settings

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/namadomain.co.id-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/namadomain.co.id-0001/privkey.pem
