Using Let’s Encrypt with CentOS (for now)

January 12, 2016 Emil C
1 Comment

CentOS 6 users, because Let’s Encrypt requires at least Python 2.7 to run you need to install a newer version. Luckily you can install 2.7 version aside to the 2.6 version already in your system. To do that you need to put in IUS repository. The installation process is actually very easy. All you need to do is:

yum install https://centos6.iuscommunity.org/ius-release.rpm

then:

yum install python27 python27-virtualenv

Once you did that, or if you’re on CentOS 7 make sure to have git installed by doing:

yum install git

Then download the Let’s Encrypt source code:

git clone https://github.com/letsencrypt/letsencrypt

Change directory and launch the tool for the firs time:

cd letsencrypt
./letsencrypt-auto
This will install everything needed on your server and prepare the tool. When this is all done you need to stop your webserver (I guess this is a temporary thing) something like:
service httpd stop
Change http with whatever your webserver is. When the daemon is stopped you can request your certificate
./letsencrypt-auto --agree-tos --email you@yourdomain.com -d server.domain.com -d othersite.domain.com -d www.domain.com certonly
You can put as many “-d” options as you like/have on your server. This way you can create a single certificate for all the domains/hosts that you have on your server.
Note that the email address should be one that you are able to receive notification mails for when your certificate is about to expire.
Then you need to configure your webserver to use the certificate. This is an example on how to configure your Apache httpd server.
<VirtualHost YOUR_IP:443>
       ServerAdmin postmaster@yourdomain.com
       SuexecUserGroup yourdomain yourdomain
       ServerName yourdomain.com
       ServerAlias www.yourdomain.com
       DocumentRoot /home/yourdomain/htdocs
       
       SSLEngine on
       SSLProtocol all -SSLv2 -SSLv3
       SSLHonorCipherOrder On
       SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
       SSLCertificateFile /etc/letsencrypt/live/server.yourdomain.com/cert.pem
       SSLCertificateKeyFile /etc/letsencrypt/live/server.yourdomain.com/privkey.pem
       SSLCertificateChainFile /etc/letsencrypt/live/server.yourdomain.com/chain.pem
       
       ErrorLog /home/yourdomain/log/error_log
       LogLevel debug
       CustomLog /home/yourdomain/log/access_log combined
</VirtualHost>
security
Previous Post

Let's Encrypt is Trusted
Next Post

I discovered Wireguard
Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.