Installer for Centos 7?


#1

Just tried installing on Centos 7, but getting the following message
Any plans for a Centos 7 installer?

[root@host letsencrypt]# sh letsencrypt-auto
Updating letsencrypt and virtual environment dependencies......
Requesting root privileges to run with virtualenv: /root/.local/share/letsencrypt/bin/letsencrypt
No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually

Install on CentOS 7
#2

I believe on CentOS you can only install certificates manually.
You have to stop your webserver, run the manual command from the how-to and then change your webserver’s configuration to use the generated certificates.

Edit: I see now I failed to properly read the TS…

I have not been able to get the auto-installer to work on a supported platform (ubuntu) either, by the way. Probably something to do with my webserver’s configuration.


#3

@alphabootis For non-(fully)-automated client support, you don’t have to stop your webserver. There’s also the webroot plugin. This uses the existing webserver (Apache/nginx/whatever) for serving the challenge. You are referring to the standalone plugin, which is much more cumbersome. For more information, see the Let’s Encrypt User Guide about plugins.

@giorgio79 Apparently, your webserver isn’t detected properly for fully automated certificate installation. There can be many reasons. If you run letsencrypt-auto with the -vv switch, it will give you a lot more debugging output, perhaps with a clue what goes wrong.


#4

Excellent tip.
Kicking the webserver around a bit is no problem in my case but this would make automation more straightforward.


#5

Thx Osiris, just ran with -vv

For some reason, it complains of “None” installer.

Here is the output

letsencrypt version: 0.1.1 x
x Arguments: [’-vv’] x
x Discovered plugins: x
x PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#webroot,Plu x
x ginEntryPoint#null,PluginEntryPoint#manual,PluginEntryPoint#standalo x
x ne) x
x Requested authenticator None and installer None x
x No installation (PluginEntryPoint#apache): x
x Traceback (most recent call last): x
x File x
x “/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencr x
x ypt/plugins/disco.py”, line 103, in prepare x
x self._initialized.prepare() x
x File x
x “/root/.local/share/letsencrypt/lib/python2.7/site-packages/letsencr x
x ypt_apache/configurator.py”, line 142, in prepare x
x raise errors.NoInstallationError x
x NoInstallationError x
x No candidate plugin x
x Selected authenticator None and installer None


#6

The Apache plugin uses the following files/programs for the detection of a valid/working Apache installation on CentOS:

CLI_DEFAULTS_CENTOS = dict(
    server_root="/etc/httpd",
    vhost_root="/etc/httpd/conf.d",
    vhost_files="*.conf",
    version_cmd=['apachectl', '-v'],
    define_cmd=['apachectl', '-t', '-D', 'DUMP_RUN_CFG'],
    restart_cmd=['apachectl', 'graceful'],
    conftest_cmd=['apachectl', 'configtest'],
    enmod=None,
    dismod=None,
    le_vhost_ext="-le-ssl.conf",
    handle_mods=False,
    handle_sites=False,
    challenge_location="/etc/httpd/conf.d"

Perhaps you could verify your setup if the files/directories above exist? (Skipping le_vhost_ext, that’s not relevant.)

By the way, this is only necessary if you really want to fully automate Let’s Encrypt. If that’s not (yet) needed and you just want a certificate, you can look at the webroot plugin, IMO the next best thing.


#7

Ah, I have yet to setup vhosts as this server is new, and I am just configuring the box.


#8

Ok just installed some vhosts now. Still getting the same error.

I checked and the vhost file in my standard centos / apache installation is at

/etc/httpd/conf/httpd.conf

not under /etc/httpd/conf.d where letsencrypt is searching.

Files exist in the conf.d folder, but not those of apache. This blog shows also that the apache conf location is the one I am quoting http://www.server-world.info/en/note?os=CentOS_7&p=httpd


#9

That blog is rather inconsistent: in step 1 it says conf.d, but in step 2 it says conf. Strange.

Why wouldn’t you just use /etc/httpd/conf.d/? Does your Apache still work normally if you change it to that location?


#10

Like @alphabootis mentioned, the auto-installer for apache doesn’t work on CentOS. It’s currently only available on debian-based distributions.

You can use certonly mode with --webroot, --standalone or --manual to get a certificate, and modify your web server configuration manually.


#11

@pfg Then you probably need to look again at the full constants.py from the Apache plugin:

https://github.com/letsencrypt/letsencrypt/blob/master/letsencrypt-apache/letsencrypt_apache/constants.py

It even supports Gentoo now :slightly_smiling: (If you run the latest client source from git at least…)


#12

This is not part of the currently released version, which only supports Debian/Ubuntu. OP can use this guide to run from master. Not sure how far along and stable this is either.


#13

Thx, I understand I can use the manual stuff, but not really interested in that. I would like to get my Webmin / Virtualmin working with this for domain auto cert updates…Will then wait for a fix for Centos :slight_smile:


#14

I made some RPMs for CentOS 7. You can find more information at the topic for them here.


#15

You can get the certificates and then install them manually.

./letsencrypt-auto --text --agree-tos --email <youremail> certonly --renew-by-default --webroot --webroot-path /home/<username>/public_html/ -d <yourdomain>

The certificates will be stored under /etc/letsencrypt/live/$domain/cert.pem


#16

This might be a bit old of a thread, but I was able to get the installer to work once I moved my VirtualDomains into the /domains-available and /domains-enabled/ directories. My old Apache was pretty much the monolithic httpd.conf file.


#17

Here is a web page with instructions specifically for CentOS7 and apache:

I used these instructions and the install went “smooth as silk”.

BUT, I do have some “iisues”. Please read this post here on the forum to take a look:

Good luck!