This is a short manual on how to use Let’s Encrypt on CentOS 6 with the Apache web server:
1. Install dependencies:
Download, unzip and install Python:
wget https://www.python.org/ftp/python/2.7.11/Python-2.7.11.tgz
tar -xvpzf Python-2.7.11.tgz
cd Python-2.7.11
./configure
make altinstall
Install Git and clone the Let’s Encrypt client:
yum install git
git clone https://github.com/letsencrypt/letsencrypt
2. Stop apache:
apachectl stop
3. Start the letsencrypt-script:
cd letsencrypt
./letsencrypt-auto
This will end with:
No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually
So we try with:
./letsencrypt-auto certonly
Enter your e-mail address (must be a valid one!).
Enter your domain.
Should end with:
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/yourdomain.com/fullchain.pem. Your cert
will expire on XXXX-XX-XX. To obtain a new version of the
certificate in the future, simply run Let's Encrypt again.
- If you like Let's Encrypt, please consider supporting our work by:
Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
The certificate files are available as symlinks in:
# ls -al /etc/letsencrypt/live/yourdomain.com/
lrwxrwxrwx 1 root root 41 12. Jan 22:56 cert.pem -> ../../archive/host.yourdomain.com/cert1.pem
lrwxrwxrwx 1 root root 42 12. Jan 22:56 chain.pem -> ../../archive/host.yourdomain.com/chain1.pem
lrwxrwxrwx 1 root root 46 12. Jan 22:56 fullchain.pem -> ../../archive/host.yourdomain.com/fullchain1.pem
lrwxrwxrwx 1 root root 44 12. Jan 22:56 privkey.pem -> ../../archive/host.yourdomain.com/privkey1.pem
4. Use symlinks for virtual host config of apache:
I use the fullchain.pem instead of cert.pem, because this will not give any errors with mobile browsers (i.e. “Safari not trusted…”)
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/host.yourdomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/host.yourdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/host.yourdomain.com/fullchain.pem
5. Start apache again:
apachectl start
6. In future, update your certs with:
./letsencrypt-auto certonly -d host.yourdomain.com
Or add multiple hosts/domains with:
./letsencrypt-auto certonly -d host1.yourdomain.com -d host2.yourdomain.com -d testserver.yourdomain.com
For those who use nginx instead of apache:
ssl_certificate /etc/letsencrypt/live/host.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/host.yourdomain.com/privkey.pem;
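Added example, not part of the original manual or of the Let's Encrypt client: a check to run on the live directory from step 4 before starting the web server again, and later to decide when the renewal from step 6 is due. The function names are hypothetical, and it assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Usage: sh check-live.sh /etc/letsencrypt/live/host.yourdomain.com [days]
# (script name is an assumption; function names are hypothetical)

# Succeeds when the certificate's public key belongs to the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the first certificate in both files is the same one,
# i.e. fullchain.pem really starts with the certificate in cert.pem.
same_leaf() {
    a=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 2
    b=$(openssl x509 -in "$2" -noout -fingerprint -sha256) || return 2
    [ "$a" = "$b" ]
}

# Succeeds when the certificate expires within the given number of days
# (an unreadable certificate also counts as "expiring").
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Runs all checks on one live directory, prints each finding and
# returns the number of failed checks (0 means safe to start the server).
check_live_dir() {
    dir=$1; days=${2:-30}; fails=0
    cert_matches_key "$dir/cert.pem" "$dir/privkey.pem" ||
        { echo "FAIL: cert.pem and privkey.pem do not belong together"; fails=$((fails + 1)); }
    same_leaf "$dir/cert.pem" "$dir/fullchain.pem" ||
        { echo "FAIL: fullchain.pem does not start with cert.pem"; fails=$((fails + 1)); }
    if cert_expires_within "$dir/cert.pem" "$days"; then
        echo "FAIL: cert.pem expires within $days days, run the renewal from step 6"
        fails=$((fails + 1))
    fi
    [ "$fails" -eq 0 ] && echo "OK: $dir"
    return "$fails"
}

# Only run when a directory is given on the command line.
if [ -n "${1:-}" ]; then check_live_dir "$1" "${2:-30}"; fi
```

A non-zero exit status is the number of failed checks, so the script can gate "apachectl start" or be run from cron to warn before the certificate expires.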