{"id":1899,"date":"2016-01-07T00:30:21","date_gmt":"2016-01-06T22:30:21","guid":{"rendered":"https:\/\/guven.atbakan.com\/blog\/?p=1899"},"modified":"2016-05-04T22:00:15","modified_gmt":"2016-05-04T20:00:15","slug":"letsencrypt-ile-sitelerinize-ssl-yukleyin","status":"publish","type":"post","link":"https:\/\/guven.atbakan.com\/blog\/tr\/letsencrypt-ile-sitelerinize-ssl-yukleyin\/","title":{"rendered":"LetsEncrypt ile sitelerinize ssl y\u00fckleyin"},"content":{"rendered":"<p>SSL Y\u00dcKLEY\u0130N! Ssl \u00f6nemlidir arkada\u015flar. Sizinle sunucu aras\u0131ndaki trafi\u011fi \u015fifreler. Ki bu da \u00e7ok \u00f6nemli bir\u015feydir. Baya \u00f6nemli ama.<\/p>\n<p>Y\u0131llar \u00f6ncesinde ssl olduk\u00e7a pahal\u0131 bir \u00fcr\u00fcnd\u00fc. Ve anlamas\u0131 g\u00fc\u00e7t\u00fc. Belki de sadece benim i\u00e7in b\u00f6yleydi bilmiyorum :) Fakat bug\u00fcn g\u00fcn\u00fcm\u00fczde ssl kurulumu 2-3 t\u0131klamaya kadar d\u00fc\u015ft\u00fc. Bu y\u00fczden ssl y\u00fcklemeyi ihmal etmeyin. Ki\u015fisel bloga da ssl mi y\u00fcklenirmi\u015f demeyin, y\u00fckleyin.<\/p>\n<p>Ve art\u0131k bunun i\u00e7in <a href=\"https:\/\/github.com\/letsencrypt\/letsencrypt\">LetsEncrypt<\/a> kullanabilirsiniz. Tamamen \u00fccretsiz.<\/p>\n<p><strong>Nas\u0131l?<\/strong><\/p>\n<p>Ssh ba\u011flant\u0131m\u0131z\u0131 yapal\u0131m ve ilk \u00f6nce LetsEncrypt dosyalar\u0131n\u0131 sistemimize y\u00fckleyip letsencrypt klas\u00f6r\u00fcne ge\u00e7elim.<\/p>\n<blockquote><p>git clone https:\/\/github.com\/letsencrypt\/letsencrypt &amp;&amp; cd letsencrypt<\/p><\/blockquote>\n<p>A\u015fa\u011f\u0131daki komutu \u00e7al\u0131\u015ft\u0131rarak LetsEncrypt i\u00e7in gerekli dosyalar\u0131n sisteme y\u00fcklenmesini sa\u011flayal\u0131m.<\/p>\n<blockquote><p>.\/letsencrypt-auto &#8211;help<\/p><\/blockquote>\n<p>E\u011fer LetsEncrypt komut listesini g\u00f6r\u00fcyorsan\u0131z kurulum ba\u015far\u0131yla tamamlanm\u0131\u015f demektir. E\u011fer g\u00f6remiyorsan\u0131z bir sorun var demektir. Ki ne oldu\u011funu bilmiyorum.<\/p>\n<p><strong>Sertifika Olu\u015fturma<\/strong><\/p>\n<p>Sertifika olu\u015fturma i\u00e7in birden fazla y\u00f6ntem mevcut. Hatta sertifikan\u0131n olu\u015fturulup apache ve nginx i\u00e7in konfig\u00fcrasyonlar\u0131n otomatik yap\u0131ld\u0131\u011f\u0131n\u0131 s\u00f6yleyen baz\u0131 komutlar da var. Ancak ben otomatik konfig\u00fcrasyon yapan\u0131 hen\u00fcz beceremedim. Bu y\u00fczden size kendi kulland\u0131\u011f\u0131m komutu g\u00f6sterece\u011fim:<\/p>\n<blockquote><p>.\/letsencrypt-auto certonly &#8211;webroot &#8211;webroot-path \/var\/www\/site.tld\/web\/public &#8211;email mail@site.tld &#8211;agree-tos &#8211;renew-by-default &#8211;text -d site.tld<\/p><\/blockquote>\n<p>Bu komut webroot y\u00f6ntemiyle yaln\u0131zca sertifika dosyalar\u0131n\u0131 olu\u015fturuyor. Webroot y\u00f6nteminde site do\u011frulamas\u0131 letsencrypt&#8217;in otomatik olu\u015fturup do\u011frulama yapt\u0131\u011f\u0131 bir y\u00f6ntemdir. &#8211;webroot-path ile tan\u0131mlad\u0131\u011f\u0131n\u0131z klas\u00f6re bir do\u011frulama dosyas\u0131 olu\u015fturur. Daha sonra bu dosyan\u0131n http:\/\/site.tld\/olusturulandosya \u015feklinde kontrol\u00fc yap\u0131l\u0131r LetsEncrypt taraf\u0131ndan. E\u011fer dosyaya eri\u015fim sa\u011flanamazsa sertifika dosyalar\u0131 olu\u015fmaz. (Zaten LetsEncrypt <strong>Domain Validation Ssl<\/strong> olu\u015fturur. Yani domain do\u011frulama sertifikas\u0131)<\/p>\n<p>&#8211;agree-tos komutu, kullan\u0131m \u015fartlar\u0131n\u0131 otomatik kabul etmenizi sa\u011flar. &#8211;renew-by-default ise 1 y\u0131l sonra otomatik yenilenmesini sa\u011flar. Ya da \u00f6yle olmas\u0131n\u0131 umut ediyoruz.<\/p>\n<p>E\u011fer her\u015fey yolunda giderse &#8220;<strong>Congratulations! Your certificate and chain have been saved at \/etc\/letsencrypt\/live\/site.tld\/fullchain.pem.<\/strong>&#8221; \u015feklinde bir mesajla kar\u015f\u0131la\u015f\u0131rs\u0131n\u0131z. Yani art\u0131k sertifika dosyalar\u0131n\u0131z kullan\u0131ma haz\u0131rd\u0131r. Peki nas\u0131l kullanacaks\u0131n\u0131z?<\/p>\n<p><strong>Nginx<\/strong><\/p>\n<p>Ssl anahtarlar\u0131n\u0131z\u0131 vhost dosyan\u0131zda tan\u0131mlaman\u0131z gerekiyor. \/etc\/nginx\/sites-available\/site.tld dosyan\u0131z\u0131 favori edit\u00f6r\u00fcn\u00fcz ile a\u00e7\u0131n. E\u011fer dosyan\u0131z bu de\u011filse, vhost dosyan\u0131z\u0131 bulun!<\/p>\n<p>\u015eu 3 sat\u0131r\u0131 uygun oldu\u011funu d\u00fc\u015f\u00fcnd\u00fc\u011f\u00fcn\u00fcz bir yere ekleyin.<\/p>\n<blockquote><p>listen 443 ssl;<br \/>\nssl_certificate\u00a0\u00a0\u00a0 \/etc\/letsencrypt\/live\/site.tld\/cert.pem;<br \/>\nssl_certificate_key\u00a0\u00a0\u00a0 \/etc\/letsencrypt\/live\/site.tld\/privkey.pem;<\/p><\/blockquote>\n<p>Son olarak nginx servisini reload etmeyi unutmay\u0131n. E\u011fer reload ederken bir hata almazsan\u0131z, sitenizi https:\/\/ ile kullanabilirsiniz demektir. \u0130nternetteki \u00f6rneklerle vhosts dosyan\u0131z\u0131 olu\u015fturdu\u011funuz varsayarsak, vhost dosyan\u0131z en son eklemeden sonra \u015funun gibi g\u00f6r\u00fcnecektir: https:\/\/gist.github.com\/shibby\/450e32d7a5a2ef86904d<\/p>\n<p><strong>Apache2<\/strong><\/p>\n<p>Hi\u00e7 bir fikrim yok nas\u0131l eklenece\u011fine dair. LetsEncrypt&#8217;in apache i\u00e7in default gelen mod\u00fcl\u00fcn\u00fc kullanmay\u0131 deneyin. Ba\u015far\u0131rsan\u0131z bana da \u00f6\u011fretin.<\/p>\n<ul>\n<li>LetsEncrypt Resmi Web Sitesi: https:\/\/letsencrypt.org\/<\/li>\n<li>LetsEncrypt Github Sayfas\u0131: https:\/\/github.com\/letsencrypt\/letsencrypt<\/li>\n<li>EFF&#8217;ye ba\u011f\u0131\u015f yap\u0131n! https:\/\/supporters.eff.org\/donate<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<p><strong>Kar\u015f\u0131la\u015ft\u0131\u011f\u0131m sorunlar:<\/strong><\/p>\n<p>Kurulum esnas\u0131nda hata al\u0131yorsak ve bu hata i\u00e7erisinde &#8220;Cannot allocate memory&#8221; gibi bir \u015fey ge\u00e7iyorsa (python paketleri y\u00fcklerken), sunucunun ram&#8217;i yetmiyor demektir. Ama ram artt\u0131rmadan \u00f6nce swap var m\u0131 bir kontrol edin. E\u011fer swap yoksa \u00e7ok kolay bir bi\u00e7imde dosya-swap eklemesi yapabilirsiniz: http:\/\/www.cyberciti.biz\/faq\/linux-add-a-swap-file-howto\/<\/p>\n","protected":false},"excerpt":{"rendered":"<p>SSL Y\u00dcKLEY\u0130N! Ssl \u00f6nemlidir arkada\u015flar. Sizinle sunucu aras\u0131ndaki trafi\u011fi \u015fifreler. Ki bu da \u00e7ok \u00f6nemli bir\u015feydir. Baya \u00f6nemli ama. Y\u0131llar \u00f6ncesinde ssl olduk\u00e7a pahal\u0131 bir \u00fcr\u00fcnd\u00fc. Ve anlamas\u0131 g\u00fc\u00e7t\u00fc. Belki de sadece benim i\u00e7in b\u00f6yleydi bilmiyorum :) Fakat bug\u00fcn g\u00fcn\u00fcm\u00fczde ssl kurulumu 2-3 t\u0131klamaya kadar d\u00fc\u015ft\u00fc. Bu y\u00fczden ssl y\u00fcklemeyi ihmal etmeyin. Ki\u015fisel bloga da [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"LetsEncrypt ile sitelerinize ssl y\u00fckleyin","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[4],"tags":[348,349],"class_list":["post-1899","post","type-post","status-publish","format-standard","hentry","category-yazilim","tag-letsencrypt","tag-letsencrypt-nginx"],"blocksy_meta":{"styles_descriptor":{"styles":{"desktop":"","tablet":"","mobile":""},"google_fonts":[],"version":6}},"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_likes_enabled":true,"jetpack-related-posts":[],"jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/posts\/1899","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/comments?post=1899"}],"version-history":[{"count":8,"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/posts\/1899\/revisions"}],"predecessor-version":[{"id":1927,"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/posts\/1899\/revisions\/1927"}],"wp:attachment":[{"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/media?parent=1899"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/categories?post=1899"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/guven.atbakan.com\/blog\/wp-json\/wp\/v2\/tags?post=1899"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}