Buat direktori dimana certificate akan disimpan
Disini menggunakan virtualenv untuk menginstall certbot nya namun bisa juga langsung sebetulnya menggunakan seperti apt/yum, dll.
contoh:
mkdir PY-VIRTUALENV
cd PY-VIRTUALENV
python3.8 -m venv virtualenv
source virtualenv/bin/activate
certbot certonly --config-dir . --work-dir . --logs-dir . --manual -d *.your-domain.com --preferred-challenges dns
Ada beberapa verifikasi seperti http, namun kali ini menggunakan verifikasi DNS dibagian bawah penting dilakukan terlebih dahulu untuk mendapatkan certificate dari letsencrypt, setelah menambahkan record TXT dan menunggu propagasi, command diatas bisa dilakukan kembali.
Output:
Saving debug log to /Users/sa.bagus/CODE/PY-VIRTUALENV/letsencrypt.log
Requesting a certificate for *.your-domain.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
_acme-challenge.*.your-domain.com.
with the following value:
ajksjaksjkajskajskajskjaksjaksjkajskajskajksjask
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox: https://toolbox.googleapps.com/apps/dig/#TXT/_acme-challenge.*.your-domain.com.
Look for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Successfully received certificate.
Certificate is saved at: /Users/sa.bagus/CODE/PY-VIRTUALENV/live/*.your-domain.com/fullchain.pem
Key is saved at: /Users/sa.bagus/CODE/PY-VIRTUALENV/live/*.your-domain.com/privkey.pem
This certificate expires on 2024-01-31.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Okey setelah itu bisa diambil sertifikat dipasang di nginx, apache2, cloud load balacner, dll.
Thank you kalau sudah mengikuti tutorial ini.
Comments
Post a Comment