Install Let’s Encrypt SSL on Nginx on Ubuntu 22.04

SSL has become an essential element: besides improving security on the website side, it also increases customer trust. In this article, we cover how to install Let’s Encrypt SSL on Nginx on Ubuntu 22.04.



What Is Let’s Encrypt

Let’s Encrypt is a certificate authority that provides SSL certificates free of charge, so that sites can be secured, and the certificates can be used freely. The difference from paid SSL is that paid SSL certificates have a 1-year period, whereas Let’s Encrypt certificates last only 90 days, so they must be renewed every 90 days.

How to Install Let’s Encrypt SSL on Nginx on Ubuntu 22.04

The steps to install Let’s Encrypt SSL on Nginx on Ubuntu 22.04 are as follows:

Update Server

Log in to the server as root and update the server to make sure its packages are up to date.

$ apt-get update -y

$ reboot

Install the required packages.

$ apt-get install nano perl wget git -y

Install Snapd
To install Let’s Encrypt SSL, we use Snapd, a software packaging and deployment system. The instructions are as follows.

$ apt-get install snapd -y 
$ systemctl enable --now snapd.socket
$ ln -s /var/lib/snapd/snap /snap

Install Certbot Classic.
$ snap install certbot --classic
$ ln -s /snap/bin/certbot /usr/bin/certbot

Clone SSL Let’s Encrypt.
$ cd ~
$ git clone https://github.com/letsencrypt/letsencrypt
$ cd letsencrypt

Generate certificates.
$ systemctl stop nginx
$ certbot certonly --standalone
$ systemctl start nginx

Output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): admin@emailanda.com
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf. You must
agree in order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: N
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): vps001.domainanda.com
Requesting a certificate for vps001.domainanda.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/vps001.domainanda.com/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/vps001.domainanda.com/privkey.pem
This certificate expires on 2023-07-17.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

The SSL certificate paths are:

Certificate is saved at: /etc/letsencrypt/live/vps001.domainanda.com/fullchain.pem
Key is saved at:  /etc/letsencrypt/live/vps001.domainanda.com/privkey.pem

Change the domain name to the one you want to use; once that is done, start the Nginx service again.

$ systemctl start nginx
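
The certificate above was issued with --standalone while Nginx was stopped by hand, but the scheduled renewal runs unattended while Nginx holds port 80, which the standalone authenticator needs for itself. The check below is an added example, not part of the original article: it reads a renewal file and reports whether hooks exist to free the port. It assumes Certbot records `authenticator`, `pre_hook` and `post_hook` in /etc/letsencrypt/renewal/<domain>.conf; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: flags a standalone certificate whose unattended renewal
# cannot bind port 80 because nginx is listening there.

# conf_value KEY FILE: print the first "KEY = value" found in a renewal file.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | head -n 1
}

# has_executable DIR: succeed if DIR holds at least one executable file.
has_executable() {
    for f in "$1"/*; do
        if [ -f "$f" ] && [ -x "$f" ]; then return 0; fi
    done
    return 1
}

# renewal_risk CONF [PRE_HOOK_DIR]: print ok-not-standalone, ok-hooks,
# ok-hook-dir (a global pre-hook exists, review what it does) or at-risk.
renewal_risk() {
    hookdir=${2:-/etc/letsencrypt/renewal-hooks/pre}
    if [ "$(conf_value authenticator "$1")" != standalone ]; then
        echo ok-not-standalone
    elif [ -n "$(conf_value pre_hook "$1")" ] &&
         [ -n "$(conf_value post_hook "$1")" ]; then
        echo ok-hooks
    elif has_executable "$hookdir"; then
        echo ok-hook-dir
    else
        echo at-risk
    fi
}

# Constructed sample in the layout of /etc/letsencrypt/renewal/<domain>.conf.
demo=$(mktemp -d)
cat > "$demo/vps001.domainanda.com.conf" <<'EOF'
cert = /etc/letsencrypt/live/vps001.domainanda.com/cert.pem
fullchain = /etc/letsencrypt/live/vps001.domainanda.com/fullchain.pem
[renewalparams]
authenticator = standalone
EOF
mkdir "$demo/pre"    # empty stand-in for the global pre-hook directory

renewal_risk "$demo/vps001.domainanda.com.conf" "$demo/pre"
```

Certbot accepts --pre-hook and --post-hook for stopping and starting Nginx around a renewal, and `certbot renew --dry-run` exercises the renewal path against the staging environment without replacing the certificate.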


Configure the Nginx Virtual Host

After the installation is complete, configure the Nginx virtual host for the domain for which you generated the Let’s Encrypt SSL certificate.
$ nano /etc/nginx/conf.d/vps001.domainanda.conf

Paste the script below.

server {
    listen 80;
    server_name vps001.domainanda.com;

    # enforce https
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;     # default port for https
    server_name vps001.domainanda.com;

    ssl_certificate /etc/letsencrypt/live/vps001.domainanda.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/vps001.domainanda.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';

    root /usr/share/nginx/html;
}

Save and exit.

Check the Nginx configuration.

$ nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Restart Nginx.

$ systemctl restart nginx
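
`nginx -t` validates syntax only; it says nothing about the strength of the TLS settings. The script below is an added example, not part of the original article: it statically audits a vhost file for protocol versions older than TLS 1.2, cipher suites without an AEAD mode, and an `ssl_certificate` that points at the leaf-only cert.pem instead of fullchain.pem. The function name and finding labels are constructed, and the sample input copies the TLS directives from the 443 block above.

```sh
#!/bin/sh
# Added example: static audit of the TLS directives in an nginx vhost file.

# audit_tls_vhost FILE: print one finding per line, nothing when clean.
audit_tls_vhost() {
    body=$(sed 's/#.*//' "$1")    # drop comments before matching

    # Protocol versions older than TLS 1.2.
    protos=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\([^;]*\);.*/\1/p')
    for p in $protos; do
        case $p in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "WEAK_PROTOCOL $p" ;;
        esac
    done

    # Suites without an AEAD mode (GCM, CHACHA20-POLY1305, CCM).
    ciphers=$(printf '%s\n' "$body" |
        sed -n "s/^[[:space:]]*ssl_ciphers[[:space:]]*['\"]\{0,1\}\([^'\";]*\).*/\1/p" |
        tr ':' ' ')
    for c in $ciphers; do
        case $c in
            *GCM*|*CHACHA20*|*CCM*|\!*) ;;    # AEAD suite or !exclusion
            *) echo "NON_AEAD_CIPHER $c" ;;
        esac
    done

    # cert.pem is the leaf only; nginx needs fullchain.pem to send the chain.
    cert=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_certificate[[:space:]]\{1,\}\([^;]*\);.*/\1/p')
    case $cert in
        */cert.pem) echo "LEAF_ONLY_CERT $cert" ;;
    esac
}

# Constructed sample: TLS directives copied from the article's 443 block.
sample=$(mktemp)
cat > "$sample" <<'EOF'
server {
    listen 443 ssl;     # default port for https
    ssl_certificate /etc/letsencrypt/live/vps001.domainanda.com/fullchain.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
}
EOF
audit_tls_vhost "$sample"
```

On the sample, the audit reports the four suites at the end of the cipher list, which in OpenSSL naming are the CBC-mode ones; cipher-list keywords such as HIGH would also be reported, since the check only recognises explicit AEAD suite names.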

Testing
The last step is testing: you can directly access the website you configured earlier.