A tutorial to start with CentOS 6.5?

Hi all, a tutorial to install it on Linux Centos?
I use Plesk on my server but do not know where to start to keep trying.
Thank you.

Any idea please ?
Thanks.

Bump!!
Please, any idea? :unamused:

Use regular steps as pointed out here for example: https://www.geocerts.com/install/plesk_8

For CentOS 7 I created the certificate manually:

  ./letsencrypt-auto certonly -a manual -d example.com \
  --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview

And added to relevant vhost config for Apache:

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

This worked just fine.

3 Likes

These instructions work on Centos 6.7 as well, just add the --debug flag to enable python 2.6

Note you'll get a bunch of errors about Python 2.6 being deprecated, but the certificate is otherwise downloaded and installed to /etc/letsencrypt/live//fullchain.pem and privkey.pem

2 Likes

Thanks guys, I’ll try it and see how it goes.
Thanks for answering.

  ./letsencrypt-auto certonly -a manual -d example.com \
  --server https://acme-v01.api.letsencrypt.org/directory --agree-dev-preview

Only I have to run this on the server?
Where it says I must put the example.com domain?

SSLEngine On
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

After putting him up in SSH I put him down with the domain name and it works?
Just adding this longer works?
It seems very simple.

Thank you.

For the sake of completion and to contribute something myself, on my (Plesk managed) servers, SSL only worked when I also defined the CertificateChainFile. The whole section looks like this now and it works fine:

	SSLEngine On
	SSLVerifyClient none
	SSLCertificateFile /etc/letsencrypt/live/www.mydomain.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/www.mydomain.com/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/www.mydomain.com/chain.pem

1 Like

Rookey Hello, can you help me please?
No where to start or should I install first of all to try.
Thank you.

Working solution for Centos 6.7 with apache version 2.2.15:

1/ Open root shell with pwd in /root and apache started #service httpd start
2/ #sh -c 'wget -qO- http://people.redhat.com/bkabrda/scl_python27.repo >> /etc/yum.repos.d/scl.repo'
3/ #yum install python27
4/ #scl enable python27 bash
5/ #git clone https://github.com/letsencrypt/letsencrypt
6/ #cd letsencrypt
7/ #./letsencrypt-auto certonly --manual -d mydomain.com -d …
8/ answer the questions :wink:
9/ copy the displayed line with printf "%s" LJHLJKHalotofstrangecharactersHMJKLHMKL > .well-known/acme-challenge/LJHLJKHmoreofthesameHMJKLHMKL
10/ open a SECOND root shell
11/ #mkdir -p /var/www/html/.well-known/acme-challenge
12/ #cd /var/www/html
13/ paste the printf statement and press enter: #printf "%s" LJHLJKHalotofstrangecharactersHMJKLHMKL > .well-known/acme-challenge/LJHLJKHmoreofthesameHMJKLHMKL
14/ in first shell: press enter to continue
15/ you should get the message: Congratulations! Your certificate and chain have been saved at /etc/letsencrypt/live/mydomain.com/fullchain.pem.
16/ edit/vi the file /etc/httpd/conf.d/ssl.conf and change the following lines:
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem
17/ for added security you could change/add the following lines in this ssl.conf file
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLInsecureRenegotiation off
SSLCipherSuite ECDHE+AESGCM:DH+AESGCM:ECDHE+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA:!aNULL:!MD5:!DSS:!AES256:!eNULL:!LOW:!RC2:!SEED:!SSLv2:!EXP:!NULL:!CAMELLIA:!IDEA:!RC4
18/ in the virtual host section of this file you could also add this line to enable HSTS
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
19/ service httpd restart
20/ make sure firewall port 443 is open or redirected to this server
21/ you’re all set…and you should have an A- on ssllabs.com :wink: Any tips on how to get an A+ working on all major browsers would be greatly appreciated…

Up to a better and safer internet !!!
Thanks to all the people at letsencrypt for this great service!!!

2 Likes

Thanks. With help from your guide I was able to successfully setup on a Centos 7 server running Apache 2.4. As a bonus my site scores an A+ on the SSL labs test.

Perhaps you could share your results and I might offer some assistance.

1 Like

Just FYI, we’re working hard to get letsencrypt included in EPEL for EL6/7, but there are a ton of dependencies to satisfy before we can push this out. It doesn’t help that CentOS/RHEL 6.x is stuck on python 2.6 and pyOpenSSL 0.13, but we’ll get there.

4 Likes

For CentOS 6.x just use the IUS Community (from rackspace.com folks) repo's side install of Python 2.7: Redhat / CentOS 6.x users need python 2.7 ?

2 Likes

Hello, thank you very much for your help.
Now I leave everything so why can not continue.
He stood in Option 4.
I’ll stick so you can see it.
Thank you.

Did you subscribe to the ius repository first ? see link

1 Like

Hello, thank you for your answer.
I did not know, I did not know it.
I’m trying to install CentOS 6.5 but not how.
He tells me to download a file. Can you explain how to install please.
Thank you.

Thanks - just confirming that this worked for me, after adding --debug for Python 2.6. I created the certificate on Centos 6.7, then copied the certificate and key to a server running Centos 5.6.
The only issue I’ve got is having to run letsencrypt-auto as root to do this, which isn’t necessary in this case. It’s also unfortunate that the certificate currently only lasts 3 months. Otherwise, fantastic.

I put those lines in /etc/httpd/conf.d/ssl.conf and commented out the corresponding existing lines. When I start httpd, I now get this in error_log

[error] Server should be SSL-aware but has no certificate configured [Hint: SSLCertificateFile] ((null):0)

I am able to cat the CertificateFile using the path and filename I've put in ssl.conf. So... what am I doing wrong?

THANKS!

Harold

It works! I had messed up something or another in Apache. Now I comment out the lines corresponding to those above in ssl.conf and paste in the lines above (substituting my domain name), and it works! Chrome even gives me the green approval of the cert. This is all running on Centos 6.

THANKS!

Harold
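
A pre-flight check for the SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile directives used throughout this thread, as an added example that is not part of any post above. The function name check_ssl_conf and the demo files are made up for illustration; it assumes directive names are capitalised as in the posts and that paths contain no spaces.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check the SSLCertificate*
# directives of an Apache config before restarting httpd.
# Prints one line per problem; the return status is the number of problems.
check_ssl_conf() {
    conf=$1 problems=0 seen_cert=0
    while read -r directive value rest || [ -n "$directive" ]; do
        case $directive in
            SSLCertificateFile)      seen_cert=1; want='BEGIN CERTIFICATE' ;;
            SSLCertificateChainFile) want='BEGIN CERTIFICATE' ;;
            SSLCertificateKeyFile)   want='PRIVATE KEY' ;;
            *) continue ;;   # other directives and commented-out lines
        esac
        case $value in
            \"*\") value=${value#\"}; value=${value%\"} ;;   # strip balanced quotes
            \"*|*\") echo "$directive: unbalanced quote: $value"
                     problems=$((problems + 1)); continue ;;
        esac
        if [ ! -r "$value" ]; then
            echo "$directive: cannot read $value"
            problems=$((problems + 1))
        elif ! grep -q "$want" "$value"; then
            # e.g. the key path points at a certificate, or the reverse
            echo "$directive: $value has no '$want' PEM header"
            problems=$((problems + 1))
        fi
    done < "$conf"
    if [ "$seen_cert" -eq 0 ]; then
        echo "no active SSLCertificateFile directive in $conf"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed demo input: an unbalanced quote and a commented-out SSLCertificateFile.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'constructed' > "$demo/fullchain.pem"
cat > "$demo/ssl.conf" <<EOF
SSLEngine On
#SSLCertificateFile $demo/fullchain.pem
SSLCertificateChainFile "$demo/fullchain.pem
EOF
check_ssl_conf "$demo/ssl.conf" || echo "problems: $?"
rm -rf "$demo"
```

Run it against /etc/httpd/conf.d/ssl.conf before service httpd restart; it only inspects paths and PEM headers, so it does not confirm that the certificate and key belong together.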