Posted 27 October, 2015
I updated this guide due to the public beta, as well as better support for python 2.6. See the new post.
I’m a huge fan of Let’s Encrypt. Generally https is safer than http. Why? Well, when you send data (login data) over http it’s child’s play to read out your password and login name. With https a hacker would only see jumble. Until recently only a few free options were available to the webmaster/sysadmin/devops/… The first was self-signed certificates; these give you a horrible warning that the website is insecure, though ironically it’s much safer than http. The second option was to use free certificate providers, such as startssl.com. Sadly it takes a lot of work, and even if you are used to their workflow it takes some time to redo them every year. Let’s Encrypt is to be the game changer in the field: they will deliver free certificates with only a few commands, on top of that they focus on automating the process, and they also deliver a certificate that is trusted by browsers!
So where is the catch? Well, there is not really one, except that they work with open-source and community-driven development, which means not everything is available when they are going to launch, such as support for CentOS 6.x (due to the Python 2.7 requirement!).
It is however rather easy to install Python 2.7 on CentOS! Not even other repos are required!
# https://wiki.centos.org/AdditionalResources/Repositories/SCL
yum install centos-release-SCL && yum update
# install python 2.7
yum install python27
# activate it
scl enable python27 bash
# install other python dependencies
yum install python27-python-devel python27-python-setuptools python27-python-tools python27-python-virtualenv
# these would be installed automatically by the client but I prefer to do it myself
yum install augeas-libs dialog gcc libffi-devel openssl-devel python-devel
After Python 2.7 is installed you are ready to follow up with the default Let’s Encrypt tool:
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
./letsencrypt-auto --verbose
# during beta
./letsencrypt-auto --verbose --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly
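For cron jobs or provisioning scripts, note that "scl enable python27 bash" opens an interactive shell, so the client command has to be handed to scl enable directly. The script below is an added example, not part of the original post or the Let’s Encrypt project; LE_DIR (the checkout location) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for the SCL route, then one client run
# without an interactive SCL shell. LE_DIR is an assumed checkout location.
LE_DIR="${LE_DIR:-$HOME/letsencrypt}"
ACME_SERVER="https://acme-v01.api.letsencrypt.org/directory"  # beta endpoint from the post

# SCL packages exist only for 64-bit CentOS 6 (update note 2 in the post).
arch_supported() {
    [ "$1" = "x86_64" ]
}

# Takes the text printed by `python -V`, e.g. "Python 2.6.6".
# Succeeds only for 2.7.x, the version the client requires.
python_is_27() {
    case "$1" in
        "Python 2.7"|"Python 2.7."*) return 0 ;;
        *) return 1 ;;
    esac
}

# Prints the command line that is handed to `scl enable` as one string.
le_command() {
    printf '%s' "cd \"$LE_DIR\" && ./letsencrypt-auto --verbose --agree-dev-preview --server $ACME_SERVER certonly"
}

preflight() {
    arch_supported "$(uname -m)" || { echo "SCL needs a 64-bit OS" >&2; return 1; }
    command -v scl >/dev/null 2>&1 || { echo "scl is not installed" >&2; return 1; }
    # Python 2 prints its version on stderr, hence 2>&1.
    ver=$(scl enable python27 'python -V' 2>&1) || { echo "python27 collection missing" >&2; return 1; }
    python_is_27 "$ver" || { echo "unexpected interpreter: $ver" >&2; return 1; }
}

# Run only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "run" ]; then
    preflight && scl enable python27 "$(le_command)"
fi
```

Save it under any name and call it with the single argument run; without that argument it only defines the functions.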
Let’s encrypt the web!
Update: it seems Let’s Encrypt is working on support for Python 2.6 (and CentOS as a result).
Update 9 Nov.:
1) Updated the article based on experience during the beta of Let’s Encrypt.
2) This method only works on 64-bit machines, since SCL is only available for 64-bit OSes.
3) The public beta has been pushed back to 3 December. (source)
Hi there,
Is letsencrypt still working? Because I’ve tried the instructions but I came up with a not verified c.a.
To be exact the label of my c.a is “Happy Hacke fake certificate”
Any suggestion?
By the way, great tutorial.
Hey Cris,
Thanks for your feedback, currently it’s still running in “closed beta”, the certificate you got is testing-only, you can request access to closed beta here : https://docs.google.com/forms/d/15Ucm4A20y2rf9gySCTXD6yoLG6Tba7AwYgglV7CKHmM/viewform?c=0&w=1 (this would be a valid certificate)
But if you wait a bit, in the week of November 16, 2015 it’s going live, so you can follow these guidelines to get a valid certificate.
Hi sir,
Okay, I will wait for November 16, 2015 and I will inform you once again when I get my valid certificate. Thanks again 🙂
Is this something to do with whitelisted domain? For this kind of error:
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory
Updating letsencrypt and virtual environment dependencies…….
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory
Version: 1.1-20080819
Version: 1.1-20080819
No installers are available on your OS yet; try running “letsencrypt-auto certonly” to get a cert you can install manually
Hey Peter,
No this has only to do with the fact that you have a not yet supported os (Centos?), you could fix it using
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory certonly
If you use apache (httpd) on centos it will show you this error and you need to stop httpd (service httpd stop) before you run letsencrypt-auto.
good luck !
Hi svennd,
I have good news for you: I was able to make my certificate green, it’s now verified! 🙂 Thanks for this helpful article.
By the way, is it possible to request for letsencrypt to whitelist also my child domain?
For example:
Mother domain – cris.com
child domain – first.cris.com
child domain – second.cris.com
Is it possible to whitelist only cris.com and all the child domains will be whitelisted too?
Thanks!
Hey Cris,
Congrats! It is possible, however currently every child domain is considered a different domain. Only http://www.demo.ext and demo.ext are whitelisted. When you want first.demo.ext you have to submit it to the beta test. (and sadly wait the queue again)
Or you could wait until 3 December when they go to open beta.
Good luck !
[email protected] letsencrypt]# ./letsencrypt-auto certonly --webroot -w /home/fguespe/publi-d loopboardshop.com.ar
Updating letsencrypt and virtual environment dependencies…….
Running with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt certonly --webroot -wfguespe/public_html -d loopboardshop.com.ar
Version: 1.1-20080819
Version: 1.1-20080819
I get this
..
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/loopboardshop.com.ar-0001/fullchain.pem. Your
cert will expire on 2016-03-17. To obtain a new version of the
certificate in the future, simply run Let’s Encrypt again.
– If you like Let’s Encrypt, please consider supporting our work by:
Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
[[email protected] letsencrypt]# /etc/init.d/httpd restart
But nothing happens on the website..
Hey Fabrizio,
I have updated my post here : https://www.svennd.be/lets-encrypt-with-centos-6/
The certificate is generated based on the webroot, though the configuration you have to do manually!