Using Let’s Encrypt with CentOS (for now)

CentOS 6 users, because Let’s Encrypt requires at least Python 2.7 to run you need to install a newer version. Luckily you can install 2.7 version aside to the 2.6 version already in your system. To do that you need to put in IUS repository. The installation process is actually very easy. All you need to do is:

yum install https://centos6.iuscommunity.org/ius-release.rpm

then:

yum install python27 python27-virtualenv

Once you did that, or if you’re on CentOS 7 make sure to have git installed by doing:

yum install git

Then download the Let’s Encrypt source code:

git clone https://github.com/letsencrypt/letsencrypt

Change directory and launch the tool for the firs time:

cd letsencrypt ./letsencrypt-auto
This will install everything needed on your server and prepare the tool. When this is all done you need to stop your webserver (I guess this is a temporary thing) something like:
service httpd stop
Change http with whatever your webserver is. When the daemon is stopped you can request your certificate
./letsencrypt-auto --agree-tos --email [email protected] -d server.domain.com -d othersite.domain.com -d www.domain.com certonly
You can put as many “-d” options as you like/have on your server. This way you can create a single certificate for all the domains/hosts that you have on your server.
Note that the email address should be one that you are able to receive notification mails for when your certificate is about to expire.
Then you need to configure your webserver to use the certificate. This is an example on how to configure your Apache httpd server.
<VirtualHost YOUR_IP:443> ServerAdmin [email protected] SuexecUserGroup yourdomain yourdomain ServerName yourdomain.com ServerAlias www.yourdomain.com DocumentRoot /home/yourdomain/htdocs SSLEngine on SSLProtocol all -SSLv2 -SSLv3 SSLHonorCipherOrder On SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4 SSLCertificateFile /etc/letsencrypt/live/server.yourdomain.com/cert.pem SSLCertificateKeyFile /etc/letsencrypt/live/server.yourdomain.com/privkey.pem SSLCertificateChainFile /etc/letsencrypt/live/server.yourdomain.com/chain.pem ErrorLog /home/yourdomain/log/error_log LogLevel debug CustomLog /home/yourdomain/log/access_log combined </VirtualHost>
Emil CHERICHEȘ
Articole Profil

De același autor

Despre ZTB.ro

ZTB.ro este un agregator românesc de bloguri care colectează și afișează articole din diverse domenii, oferind vizibilitate bloggerilor și o platformă centralizată pentru cititori. Articolele sunt preluate prin feed-uri RSS/Atom și direcționează traficul către blogurile originale.

Înscrie-ți blogul!

Articole recente

Acest site folosește numai cookie-uri esențiale funcționării. Mai multe informații găsiți în Politica de Confidențialitate.
© Toate drepturile rezervate ztb.ro