Let’s Encrypt SSL Certificate di Webserver NGINX (Ubuntu & Debian)

apt-get -y install git
cd /usr/local/
git clone https://github.com/letsencrypt/letsencrypt
git clone https://github.com/certbot/certbot
cd /usr/local/certbot/
./certbot-auto certonly –agree-tos –rsa-key-size 4096 –renew-by-default -m saya@domain.com –webroot -w /var/www/ -d saya.domain.com –renew-by-default

====================

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/saya.domain.com/fullchain.pem. Your cert
will expire on 2016-10-20. To obtain a new or tweaked version of
this certificate in the future, simply run certbot-auto again. To
non-interactively renew *all* of your certificates, run
“certbot-auto renew”
– If you lose your account credentials, you can recover through
e-mails sent to saya@domain.com.
– Your account credentials have been saved in your Certbot
configuration directory at /etc/letsencrypt. You should make a
secure backup of this folder now. This configuration directory will
also contain certificates and private keys obtained by Certbot so
making regular backups of this folder is ideal.
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

=====================

Konfigurasi di Webserver NGINX

vi /etc/nginx/sites-available/default

=====================
ssl on;
ssl_certificate /etc/letsencrypt/live/saya.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/saya.domain.com/privkey.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ‘EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH’;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
=====================

mkdir /etc/nginx/ssl
cd /etc/nginx/ssl
openssl dhparam -out dhparams.pem 2048
/etc/init.d/nginx restart

Kemudian testing SSL di
https://www.ssllabs.com/ssltest/analyze.html

Error apache2 SSL23_GET_SERVER_HELLO

Jika terdapat error pada apache2 pada HTTPS port 443

error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol

atau error seperti ini

“\x16\x03”

“\x16\x03\x01”

“\x80w\x01\x03\x01”

Ubah konfigurasi /etc/apache2/sites-available/default

<VirtualHost *>
ServerAdmin saya@email.com
DocumentRoot /var/www/

menjadi seperti dibawah

<VirtualHost *:80>
ServerAdmin saya@email.com
ServerName http://www.saya.com
DocumentRoot /var/www/

Error SSL-Explorer selectCertificateSource.do

Jika terdapat error

HTTP ERROR: 500
Unable to compile class for JSP

…..

1 error

RequestURI=/selectCertificateSource.do

java -version

rm sslexplorer-1.0.0_RC17/sslexplorer/lib/tools.jar

cp /usr/lib/jvm/java-6-sun-1.6.0.26/lib/tools.jar sslexplorer-1.0.0_RC17/sslexplorer/lib/.

======

Tinggal pointing browser ke http://server:28080/ lakukan install