Posted 27 October, 2015
I updated this guide due to the public beta, as well as better support for python 2.6. See the new post.
I’m a huge fan of Let’s Encrypt, generally https is safer then http why ? Well when you send data (login data) over http its child play to read out your password and login name. With https a hacker would only see jumble. Until recently only a few free options where available to the webmaster/sysadmin/devops/… first was self signed certificates, these give you a horrible warning that the website is insecure, ironically its much saver then http. The second option was to use free certificate providers, such as startssl.com sadly it takes allot of work and even if you are used to their workflow it takes some time to redo them every year. Let’s Encrypt is to be the game changer in the field, they will deliver free certificates with only a few commands, on top of that they focus on automating the proces,they also deliver a certificate that is trusted by browsers!
So where is the catch ? Well there is not really one, expect they work with open-source and community driven development, which means, not everything is available when they are going to launch. Such as support for Centos 6.X (due to the python 2.7 requirement!)
It is however rather easy to install python 2.7 on Centos! Not even other repo’s are required!
#https://wiki.centos.org/AdditionalResources/Repositories/SCL yum install centos-release-SCL && yum update # install python 2.7 yum install python27 # activate it scl enable python27 bash # install other python dependencies yum install python27-python-devel python27-python-setuptools python27-python-tools python27-python-virtualenv # these would be installed automaticly by the client but I prefer to do it myself yum install augeas-libs dialog gcc libffi-devel openssl-devel python-devel
After python 2.7 is installed you are ready to follow up with let’s encrypt default tool :
git clone https://github.com/letsencrypt/letsencrypt cd letsencrypt ./letsencrypt-auto --verbose # during beta ./letsencrypt-auto --verbose --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly
Let’s encrypt the web!
update: Seems let’s encrypt is working on support for python2.6 (and centos as a result)
update 9 nov. :
1) updated article based on experience during beta of lets encrypt.
2) this method only works on 64bit machines, since SCL is only available for 64bit os
3) public beta has been pushed back to 3 december. (source)
If you enjoyed this article, please consider buying me a Dr Pepper.
Fuel the beast!
Buy me a Dr Pepper