Let's Encrypt free SSL certificate on CentOS 5.11


Is it possible to install Let’s Encrypt free SSL certificate on CentOS 5.11? Or CentOS 6 is required?


Should work have you tried?

sudo mkdir /opt/cerbot
cd /opt/certbot
sudo wget https://dl.eff.org/certbot-auto
sudo ./certbot-auto certonly --standalone --agree-tos --rsa-key-size 4096 -m yourname@youremail.com -d yourdomain.com --renew-by-default --dry-run

or … if you want you can use the --nginx and --apache methods. This is just an example to generate a certificate quickly using a dry run. the example above will require that you stop your web server Apache/Nginx first to test that it works using the standalone authenticator.


My hosting provider answers that CentoOS 5.11 does not support SNI and OpenSSL version which is required for installing Let’s Encrypt Certificate. Is it possible to install it without upgrading to CentOS 6?


Why not just trying my above steps and see if it works or not. Will take you less than 3 minutes to find out .


Hi @Mauri77,

I agree with @MitchellK that you may be able to find out by experiment, but I can clarify from the Certbot side that we don’t expect people to be able to run our Certbot software on versions of CentOS before CentOS 6.

However, Certbot is not the only way to get a Let’s Encrypt certificate. In fact, there are several dozen software tools that can help you do this

and even web-based interfaces (which are convenient if you can’t install software on your server or if some of these tools aren’t compatible with your server software version—but inconvenient because you can’t script automated renewals, and Let’s Encrypt certificates expire every 90 days).

The most widely compatible clients there with the fewest dependencies are probably the bash clients (that are implemented as shell scripts). I would think the bash clients are most likely to be able to run under CentOS 5.

There is nothing about the certificates themselves that limits their use to a particular OS, although (like all current trusted CA certificates) they are signed with SHA-256, not SHA-1, so the server software needs to believe that this is a valid signature algorithm component if it tries to verify the signature for itself.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.