Getting SSL With acme-client On OpenBSD

· ~al1r4d · ⮕openbsd · #acme-client #ssl

Getting a free Let's Encrypt SSL certificate with acme-client on OpenBSD is really easy.

First, copy the example acme-client configuration with this command:

$ doas cp /etc/examples/acme-client.conf /etc/acme-client.conf

This is what the example file looks like.

#
# $OpenBSD: acme-client.conf,v 1.5 2023/05/10 07:34:57 tb Exp $
#
authority letsencrypt {
        api url "https://acme-v02.api.letsencrypt.org/directory"
        account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
        api url "https://acme-staging-v02.api.letsencrypt.org/directory"
        account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

authority buypass {
        api url "https://api.buypass.com/acme/directory"
        account key "/etc/acme/buypass-privkey.pem"
        contact "mailto:me@example.com"
}

authority buypass-test {
        api url "https://api.test4.buypass.no/acme/directory"
        account key "/etc/acme/buypass-test-privkey.pem"
        contact "mailto:me@example.com"
}

domain example.com {
 #       alternative names { secure.example.com }
        domain key "/etc/ssl/private/example.com.key"
        domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
        # Test with the staging server to avoid aggressive rate-limiting.
        #sign with letsencrypt-staging
        sign with letsencrypt
}

Now we focus on this part. Replace example.com with your own domain.

Don't forget to put a # in front of the alternative names line if you don't need it.

domain example.com {
 #       alternative names { secure.example.com }
        domain key "/etc/ssl/private/example.com.key"
        domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
        # Test with the staging server to avoid aggressive rate-limiting.
        #sign with letsencrypt-staging
        sign with letsencrypt
}

Once it looks right, it's time to configure OpenHTTPD.

Why?

Because obtaining a Let's Encrypt SSL certificate with acme-client requires port 80.

As usual, copy the example httpd file with this command.

$ doas cp /etc/examples/httpd.conf /etc/httpd.conf

And this is the example httpd configuration. It is not too complicated, even if you are a new user.

# $OpenBSD: httpd.conf,v 1.22 2020/11/04 10:34:18 denis Exp $

server "example.com" {
        listen on * port 80
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
        location * {
                block return 302 "https://$HTTP_HOST$REQUEST_URI"
        }
}

server "example.com" {
        listen on * tls port 443
        tls {
                certificate "/etc/ssl/example.com.fullchain.pem"
                key "/etc/ssl/private/example.com.key"
        }
        location "/pub/*" {
                directory auto index
        }
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                request strip 2
        }
}

Replace the example domain with your own, and don't forget to comment out the tls server block with # to disable TLS access (the certificate it references does not exist yet, so httpd would refuse to start), like this:

#server "example.com" {
#        listen on * tls port 443
#        tls {
#                certificate "/etc/ssl/example.com.fullchain.pem"
#                key "/etc/ssl/private/example.com.key"
#        }
#        location "/pub/*" {
#                directory auto index
#        }
#        location "/.well-known/acme-challenge/*" {
#                root "/acme"
#                request strip 2
#        }
#}

Once done, start the httpd service.

$ doas rcctl start httpd
httpd(ok)

Next, run acme-client -Fv as root. For example:

$ doas acme-client -Fv radhitya.temanbsd.com
acme-client: /etc/ssl/radhitya.temanbsd.com.crt: certificate valid: 65 days left
acme-client: /etc/ssl/radhitya.temanbsd.com.crt: domain list changed, forcing renewal
acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
acme-client: acme-v02.api.letsencrypt.org: DNS: 2606:4700:60:0:f53d:5624:85c7:3a2c
acme-client: https://acme-v02.api.letsencrypt.org/acme/finalize/1641857997/273307977332: certificate
acme-client: order.status 3
acme-client: https://acme-v02.api.letsencrypt.org/acme/cert/0462516af204bd166e546cf2fe169393a746: certificate
acme-client: /etc/ssl/radhitya.temanbsd.com.crt: created
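Once the first certificate exists, renewal is usually left to cron. The wrapper below is an added example (not from the original post) that encodes acme-client's documented exit statuses: 0 means the certificate changed, 2 means it is still valid, 1 means failure. It assumes the challenge root is /var/www/acme (httpd's "/acme" inside its /var/www chroot) and deliberately runs acme-client without -F, since forcing renewal on every cron run would hit Let's Encrypt rate limits; ACME_CMD and RELOAD_CMD exist only so the logic can be exercised with stubs.

```shell
# Renewal wrapper for the acme-client + httpd setup above (added example).
# Assumed acme-client(1) exit codes: 0 = certificate changed,
# 1 = failure, 2 = certificate still up to date.
# Assumed challenge root: /var/www/acme (httpd's "/acme" in its chroot).
set -u

ACME_CMD="${ACME_CMD:-acme-client}"          # overridable for testing
RELOAD_CMD="${RELOAD_CMD:-rcctl reload httpd}"
CHALLENGE_DIR="${CHALLENGE_DIR:-/var/www/acme}"

# The HTTP-01 challenge can only pass if httpd can serve files from the
# challenge root, so check that before contacting the CA at all.
challenge_dir_ok() {
    [ -d "$1" ] && [ -w "$1" ]
}

# Run acme-client for one domain and act on its exit status.
# Returns 0 when the certificate is usable (renewed or still valid),
# 1 on any error. Meant to be run from root's crontab once a day.
renew_cert() {
    domain="$1"
    if ! challenge_dir_ok "$CHALLENGE_DIR"; then
        echo "renew_cert: $CHALLENGE_DIR missing or not writable" >&2
        return 1
    fi
    if $ACME_CMD -v "$domain"; then
        status=0
    else
        status=$?
    fi
    case "$status" in
        0)
            # A new certificate was written, but httpd still holds the
            # old one in memory until it is reloaded.
            echo "renew_cert: $domain renewed, reloading httpd"
            $RELOAD_CMD
            ;;
        2)
            echo "renew_cert: $domain still valid, nothing to do"
            ;;
        *)
            echo "renew_cert: acme-client failed for $domain (exit $status)" >&2
            return 1
            ;;
    esac
}
```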

Questions or comments? Email us.