Friday, 24 November 2017

How to Install a Let's Encrypt SSL Certificate on the ServerPilot Free Plan - Hi Danifin friends, I happen to be managing my own server today, and that gave me the idea for an article on how to install a Let's Encrypt SSL certificate on the ServerPilot free plan. If you manage your own server with the help of ServerPilot, you surely know that on the free plan this feature is locked by ServerPilot itself, and unlocking it costs a fair amount of money. There is an alternative, namely Cloudflare, but Cloudflare's SSL often cannot be accessed from old browsers or operating systems, and Cloudflare's captcha is annoying, especially for Indonesian visitors whose browser/OS is still old and who suddenly get a captcha. That is why many people prefer Let's Encrypt over the Comodo SSL certificate that comes with the Cloudflare free plan.


How to Install a Let's Encrypt SSL Certificate on the ServerPilot Free Plan


Let's get straight to the tutorial:

Method One (no longer works: sple.sh throws an error, skip to Method Two)

1.) First, log in as root through a PuTTY terminal (you surely know how)
2.) To install a Let's Encrypt free SSL certificate with auto-renewal on your server (managed by ServerPilot), enter the following command (use right-click and copy on this blog to copy-paste):
sudo git clone https://github.com/rehmatworks/serverpilot-letsencrypt.git && cd serverpilot-letsencrypt && sudo mv sple.sh /usr/local/bin/rwssl && sudo chmod +x /usr/local/bin/rwssl && (crontab -l ; echo "@monthly \"sudo service nginx-sp stop && yes | letsencrypt --standalone renew &>/dev/null && service nginx-sp start && service nginx-sp reload\"")| crontab - && service cron reload
3.) Once that is done, type the following command:
rwssl
4.) Type the following command:
install
5.) Enter the domain/subdomain that should get the certificate, without www. (it must already be set up in ServerPilot)
6.) Enter the app name exactly as it appears in ServerPilot
7.) Next, choose main/sub (main: domain, sub: subdomain); type main or sub
8.) Press Enter
9.) The Let's Encrypt SSL certificate is now installed

Note:

  • If the message "SSL cannot be obtained at the moment. Please try again." appears, pause your Cloudflare or CDN first (the Let's Encrypt validation request has to reach your server directly); once the certificate is issued you can enable it again.
  • Once Let's Encrypt is installed you can change the Flexible option to Full or Full (strict) under Crypto in Cloudflare (with Flexible, traffic between Cloudflare and your server is still plain HTTP; Full (strict) also verifies your server's certificate).

Method Two

Latest Update (if sple.sh is not in the directory)

If the method above still does not work, or you get the error sple.sh not found, continue with the steps below.

1.) Open a PuTTY terminal as root; once you are in, type:
cd
2.) Delete the failed LetsEncrypt folder from before; type: (if you never tried the first method, skip to step 3)
rm -R serverpilot-letsencrypt
3.) Create the sple.sh script; type (I use the nano text editor):
nano sple.sh
4.) Fill the script in as shown below; if copy-pasting is hard, just visit the script's source at https://github.com/lesaff/serverpilot-letsencrypt/blob/master/sple.sh:
#!/bin/bash
# Bash script to create/add Let's Encrypt SSL to ServerPilot app
# by Rudy Affandi (2016)
# Edited Aug 14, 2016

# Todo
# 1. Generate certificate
# /usr/local/bin/certbot-auto certonly --webroot -w /srv/users/$username/apps/appname/public -d appdomain.tld
# 2. Generate appname.ssl.conf file
# 3. Restart nginx
# sudo service nginx-sp restart
# 4. Confirm that it's done and show how to do auto-renew via CRON

# Settings
ubuntu=$(lsb_release -r -s)
certbotfolder=/usr/local/bin/certbot-auto
# App web roots are /srv/users/<username>/apps/<appname>/public; the path is
# built below once the system user and app name have been read.
conffolder=/etc/nginx-sp/vhosts.d
acmeconfigfolder=/etc/nginx-sp/letsencrypt.d
acmeconfigfile="$acmeconfigfolder/letsencrypt-acme-challenge.conf"

# Make sure this script is run as root
if [ "$EUID" -ne 0 ]
then
    echo ""
    echo "Please run this script as root."
    exit 1
fi

# Check for Ubuntu version
# 14.04 Trusty Tahr
if [ "$ubuntu" == '14.04' ]
then

    # Check for Let's Encrypt installation
    if [ ! -f "$certbotfolder" ]
    then
        echo "Let's Encrypt is not installed/found in your root folder. Would you like to install it?"
        read -p "Y or N " -n 1 -r
        echo ""
        if [[ "$REPLY" =~ ^[Yy]$ ]]
        then
            cd /root && sudo wget https://dl.eff.org/certbot-auto
            chmod a+x certbot-auto
            mv certbot-auto /usr/local/bin/
        else
            exit
        fi
    fi
fi

# 16.04 Xenial Xerus
if [ "$ubuntu" == '16.04' ]
then

    # 1 if the letsencrypt package is installed, 0 otherwise
    le=$(dpkg-query -W -f='${Status}' letsencrypt 2>/dev/null | grep -c "ok installed")

    if [ "$le" -eq 0 ]
    then
        echo "Let's Encrypt is not installed/found. Would you like to continue to install it?"
        read -p "Y or N " -n 1 -r
        echo ""
        if [[ "$REPLY" =~ ^[Yy]$ ]]
        then
            sudo apt-get update
            sudo apt-get install letsencrypt -y
        fi 
    fi
fi

echo ""
echo ""
echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-="
echo ""
echo "  Let's Encrypt SSL Certificate Generator"
echo "  For ServerPilot-managed server instances"
echo ""
echo "  Written by Rudy Affandi (2016)"
echo "  https://github.com/lesaff/"
echo ""
echo "=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-="
echo ""
echo ""
echo "Please enter your app name:"
read appname
echo ""
echo "Please enter the System User name for the app:"
read username
echo ""
echo "Please enter all the domain names and sub-domain names"
echo "you would like to use, separated by space"
read domains

# Assign domain names to array (APPDOMAINS[0] becomes the certificate's
# primary name and the /etc/letsencrypt/live/ directory name) and build the
# matching "-d domain" argument list for certbot
APPDOMAINS=()
APPDOMAINLIST=()
for domain in $domains; do
   APPDOMAINS+=("$domain")
   APPDOMAINLIST+=(-d "$domain")
done

# Generate certificate
echo ""
echo ""
echo "Generating SSL certificate for $appname"
echo ""

# Check for Ubuntu version
# 14.04 Trusty Tahr
if [ "$ubuntu" == '14.04' ]
then
    /usr/local/bin/certbot-auto certonly --webroot -w "/srv/users/$username/apps/$appname/public" "${APPDOMAINLIST[@]}"
fi

# 16.04 Xenial Xerus
if [ "$ubuntu" == '16.04' ]
then
    letsencrypt certonly --webroot -w "/srv/users/$username/apps/$appname/public" "${APPDOMAINLIST[@]}"
fi

# Check the ACME configuration file for Nginx
if [ ! -f "$acmeconfigfile" ] 
then
    echo ""
    echo ""
    echo "Creating configuration file $acmeconfigfile for ACME"
    
    mkdir -p "$acmeconfigfolder"
    touch "$acmeconfigfile"
    
    echo "location ~ /\.well-known\/acme-challenge {" | sudo tee $acmeconfigfile
    echo "    allow all;" | sudo tee -a $acmeconfigfile
    echo "}" | sudo tee -a $acmeconfigfile
    echo "" | sudo tee -a $acmeconfigfile
    echo "location = /.well-known/acme-challenge/ {" | sudo tee -a $acmeconfigfile
    echo "    return 404;" | sudo tee -a $acmeconfigfile
    echo "}" | sudo tee -a $acmeconfigfile
fi

# Generate nginx configuration file
configfile=$conffolder/$appname.ssl.conf
echo ""
echo ""
echo "Creating configuration file for $appname in the $conffolder"
sudo touch $configfile
echo "server {" | sudo tee $configfile 
echo "   listen 443 ssl http2;" | sudo tee -a $configfile 
echo "   listen [::]:443 ssl http2;" | sudo tee -a $configfile 
echo "   server_name " | sudo tee -a $configfile 
   for domain in $domains; do
      echo -n $domain" " | sudo tee -a $configfile
   done
echo ";" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "   ssl on;" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "   # letsencrypt certificates" | sudo tee -a $configfile 
echo "   ssl_certificate      /etc/letsencrypt/live/${APPDOMAINS[0]}/fullchain.pem;" | sudo tee -a $configfile 
echo "   ssl_certificate_key  /etc/letsencrypt/live/${APPDOMAINS[0]}/privkey.pem;" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "    #SSL Optimization" | sudo tee -a $configfile 
echo "    ssl_session_timeout 1d;" | sudo tee -a $configfile 
echo "    ssl_session_cache shared:SSL:20m;" | sudo tee -a $configfile 
echo "    ssl_session_tickets off;" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "    # modern configuration" | sudo tee -a $configfile 
# Note: TLSv1 and TLSv1.1 are deprecated; remove them from ssl_protocols once your visitors' browsers no longer need them
echo "    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;" | sudo tee -a $configfile 
echo "    ssl_prefer_server_ciphers on;" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "    # OCSP stapling" | sudo tee -a $configfile 
echo "    ssl_stapling on;" | sudo tee -a $configfile 
echo "    ssl_stapling_verify on;" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "    # verify chain of trust of OCSP response" | sudo tee -a $configfile 
echo "    ssl_trusted_certificate /etc/letsencrypt/live/${APPDOMAINS[0]}/chain.pem;" | sudo tee -a $configfile 
echo "    #root directory and logfiles" | sudo tee -a $configfile 
echo "    root /srv/users/$username/apps/$appname/public;" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "    access_log /srv/users/$username/log/$appname/${appname}_nginx.access.log main;" | sudo tee -a $configfile 
echo "    error_log /srv/users/$username/log/$appname/${appname}_nginx.error.log;" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "    #proxyset" | sudo tee -a $configfile 
echo "    proxy_set_header Host \$host;" | sudo tee -a $configfile 
echo "    proxy_set_header X-Real-IP \$remote_addr;" | sudo tee -a $configfile 
echo "    proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;" | sudo tee -a $configfile 
echo "    proxy_set_header X-Forwarded-SSL on;" | sudo tee -a $configfile 
echo "    proxy_set_header X-Forwarded-Proto \$scheme;" | sudo tee -a $configfile 
echo "" | sudo tee -a $configfile 
echo "    #includes" | sudo tee -a $configfile 
echo "    include /etc/nginx-sp/vhosts.d/$appname.d/*.conf;" | sudo tee -a $configfile 
echo "    include $acmeconfigfolder/*.conf;" | sudo tee -a $configfile 
echo "}" | sudo tee -a $configfile 

# Wrapping it up
echo ""
echo ""
echo "We're almost done here. Opening HTTPS Port and  Restarting nginx..."
sudo ufw allow https
sudo service nginx-sp restart
echo ""
echo ""
echo ""
echo ""
echo "Your Let's Encrypt SSL certificate has been installed. Please update your .htaccess to force HTTPS on your app"
echo ""
echo "To enable auto-renewal, add the following to your crontab:"

# Print the renewal schedule for the admin to add to the root crontab (the script does not add it itself)
# 14.04 Trusty Tahr
if [ "$ubuntu" == '14.04' ]
then
    echo "0 */12 * * * /usr/local/bin/certbot-auto renew --quiet --no-self-upgrade --post-hook \"service nginx-sp reload\""
fi

# 16.04 Xenial Xerus
if [ "$ubuntu" == '16.04' ]
then
    echo "0 */12 * * * letsencrypt renew && service nginx-sp reload"
fi

echo ""
echo ""
echo "Cheers!"
5.) Save the script (Ctrl+X -> y -> Enter)
6.) Set its permissions; type:
chmod +x sple.sh
7.) Run the script; type:
./sple.sh
8.) If a prompt asks to install letsencrypt, just continue.
9.) Enter the app name and the ServerPilot username
10.) Enter your email address and agree to the terms
11.) Wait for the script to generate the Let's Encrypt SSL certificate.
12.) Done
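Once the script has finished, a quick check that the certificate is really in place, is not about to expire, and can be renewed is worth running (and re-running from time to time, since the script only prints the renewal cron line and does not install it). The following is an added example, not part of the original post or of lesaff's sple.sh; it assumes the paths sple.sh uses (/etc/nginx-sp/vhosts.d/<app>.ssl.conf and /etc/letsencrypt/live/<domain>/) and GNU date.

```shell
#!/bin/bash
# Post-install check for an app set up with sple.sh. Added example, not part of
# the original post or of lesaff's script; it assumes the paths sple.sh uses:
# /etc/nginx-sp/vhosts.d/<app>.ssl.conf and /etc/letsencrypt/live/<domain>/.

# Whole days from $2 (default: now) until the notAfter value $1, as printed by
# "openssl x509 -noout -enddate" (e.g. "notAfter=Feb 22 12:00:00 2018 GMT").
# Needs GNU date. Negative output means the certificate has already expired.
days_until_expiry() {
    local not_after="${1#notAfter=}" ref="${2:-now}" end_s ref_s
    end_s=$(date -u -d "$not_after" +%s) || return 1
    ref_s=$(date -u -d "$ref" +%s) || return 1
    echo $(( (end_s - ref_s) / 86400 ))
}

# Succeeds when the ssl_protocols line in $1 no longer lists TLSv1 or TLSv1.1
# (sple.sh writes "ssl_protocols TLSv1 TLSv1.1 TLSv1.2;").
protocols_are_modern() {
    ! grep -Eq '^[[:space:]]*ssl_protocols[^;]*TLSv1(\.1)?[[:space:];]' "$1"
}

# $1 app name, $2 primary domain (APPDOMAINS[0] in sple.sh), $3 warn threshold in days.
# Returns 0 ok, 1 no certificate, 2 expiring soon, 3 weak protocols, 4 renewal dry run failed.
check_app_ssl() {
    local app="$1" domain="$2" warn="${3:-14}" days cb
    local conf="/etc/nginx-sp/vhosts.d/$app.ssl.conf"
    local cert="/etc/letsencrypt/live/$domain/fullchain.pem"
    [ -f "$cert" ] || { echo "no certificate at $cert"; return 1; }
    days=$(days_until_expiry "$(openssl x509 -noout -enddate -in "$cert")")
    echo "$domain: $days days until expiry"
    [ "$days" -gt "$warn" ] || { echo "renew now: $days days left"; return 2; }
    protocols_are_modern "$conf" || { echo "$conf still allows TLSv1/TLSv1.1"; return 3; }
    # Exercise the renewal path (webroot challenge included) without replacing the
    # live certificate. Very old letsencrypt packages lack --dry-run and report 4 here.
    cb=$(command -v certbot || command -v letsencrypt || command -v certbot-auto)
    "$cb" renew --dry-run >/dev/null 2>&1 || { echo "renewal dry run failed"; return 4; }
    echo "ok"
}
```

Run it as root, e.g. check_app_ssl myapp example.com 14, and wire the exit code into whatever monitoring you already have.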
