Using Let’s Encrypt with CentOS (for now)
CentOS 6 users: because Let’s Encrypt requires at least Python 2.7 to run, you need to install a newer version. Luckily you can install version 2.7 alongside the 2.6 version already on your system. To do that you need to add the IUS repository. The installation process is actually very easy. All you need to do is:
yum install https://centos6.iuscommunity.org/ius-release.rpm
yum install python27 python27-virtualenv
Once you have done that, or if you’re on CentOS 7, make sure git is installed:
yum install git
Then download the Let’s Encrypt source code:
git clone https://github.com/letsencrypt/letsencrypt
Change directory and launch the tool for the first time:
cd letsencrypt
./letsencrypt-auto
This will install everything needed on your server and prepare the tool. When this is all done you need to stop your webserver (I guess this is a temporary thing), with something like:
service httpd stop
Replace httpd with whatever your webserver is. When the daemon is stopped you can request your certificate:
./letsencrypt-auto --agree-tos --email firstname.lastname@example.org -d server.domain.com -d othersite.domain.com -d www.domain.com certonly
You can put as many “-d” options as you like/have on your server. This way you can create a single certificate for all the domains/hosts that you have on your server.
Note that the email address should be one where you can receive the notification mails sent when your certificate is about to expire.
Then you need to configure your webserver to use the certificate. This is an example of how to configure your Apache httpd server:
<VirtualHost YOUR_IP:443>
    ServerAdmin email@example.com
    SuexecUserGroup yourdomain yourdomain
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    DocumentRoot /home/yourdomain/htdocs
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder On
    SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4
    SSLCertificateFile /etc/letsencrypt/live/server.yourdomain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/server.yourdomain.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/server.yourdomain.com/chain.pem
    ErrorLog /home/yourdomain/log/error_log
    LogLevel debug
    CustomLog /home/yourdomain/log/access_log combined
</VirtualHost>
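A pre-start check for the virtual host above, as an added example that is not part of the original post: it verifies that SSLProtocol still disables SSLv2 and SSLv3 and that the three certificate directives point at the matching files inside one /etc/letsencrypt/live/ directory. The function name audit_vhost and the sample file are assumptions made for illustration.

```shell
# audit_vhost FILE: print one finding per line; return 0 if the TLS directives are consistent.
# Assumes unquoted paths and the cert.pem/privkey.pem/chain.pem layout shown in the post.
audit_vhost() {
    awk '
    { $1 = $1; d = tolower($1); want = "" }
    d == "sslprotocol" {
        proto = 1; opts = " " tolower($0) " "
        if (opts ~ / all / && (opts !~ / -sslv2 / || opts !~ / -sslv3 /)) {
            print "SSLProtocol: \"all\" without both -SSLv2 and -SSLv3"; bad = 1
        }
    }
    d == "sslcertificatefile"      { want = "cert.pem" }
    d == "sslcertificatekeyfile"   { want = "privkey.pem" }
    d == "sslcertificatechainfile" { want = "chain.pem" }
    want != "" {
        seen++
        n = split($2, part, "/"); file = part[n]
        dir = substr($2, 1, length($2) - length(file) - 1)
        pre = "/etc/letsencrypt/live/"; name = substr(dir, length(pre) + 1)
        if (file != want) { print $1 ": expected " want ", got " file; bad = 1 }
        if (index(dir, pre) != 1 || name == "" || index(name, "/")) {
            print $1 ": not under " pre "<name>/"; bad = 1
        } else if (live != "" && dir != live) {
            print $1 ": certificate directory differs from earlier directives"; bad = 1
        } else live = dir
    }
    END {
        if (!proto) { print "SSLProtocol not set"; bad = 1 }
        if (seen != 3) { print "expected 3 certificate directives, found " (seen + 0); bad = 1 }
        exit bad + 0
    }' "$1"
}

# Constructed sample: key and certificate paths swapped on purpose.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost YOUR_IP:443>
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile /etc/letsencrypt/live/server.yourdomain.com/privkey.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/server.yourdomain.com/cert.pem
    SSLCertificateChainFile /etc/letsencrypt/live/server.yourdomain.com/chain.pem
</VirtualHost>
EOF
audit_vhost "$sample" || echo "fix the findings above before starting httpd"
rm -f "$sample"
```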