LetsEncrypt on CentOS 6 – Free SSL certificate for everyone!

This is a short guide to using Let’s Encrypt on CentOS 6 with the Apache web server:

1. Install dependencies:

Download, unzip and install Python:

wget https://www.python.org/ftp/python/2.7.11/Python-2.7.11.tgz
tar -xvpzf Python-2.7.11.tgz
cd Python-2.7.11
./configure
make
make altinstall

Install Git:

yum install git
git clone https://github.com/letsencrypt/letsencrypt

2. Stop apache:

apachectl stop

3. Start the letsencrypt-script:

cd letsencrypt
./letsencrypt-auto

This will end with:

No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually

So we try with:

./letsencrypt-auto certonly

Enter your e-mail address (must be a valid one!).
Enter your domain.

Should end with:

 - Congratulations! Your certificate and chain have been saved at
 /etc/letsencrypt/live/yourdomain.com/fullchain.pem. Your cert
 will expire on XXXX-XX-XX. To obtain a new version of the
 certificate in the future, simply run Let's Encrypt again.
 - If you like Let's Encrypt, please consider supporting our work by:

Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
Donating to EFF:                    https://eff.org/donate-le

The certificate files are available as symlinks in:

# ls -al /etc/letsencrypt/live/yourdomain.com/
 lrwxrwxrwx 1 root root   41 12. Jan 22:56 cert.pem -> ../../archive/host.yourdomain.com/cert1.pem
 lrwxrwxrwx 1 root root   42 12. Jan 22:56 chain.pem -> ../../archive/host.yourdomain.com/chain1.pem
 lrwxrwxrwx 1 root root   46 12. Jan 22:56 fullchain.pem -> ../../archive/host.yourdomain.com/fullchain1.pem
 lrwxrwxrwx 1 root root   44 12. Jan 22:56 privkey.pem -> ../../archive/host.yourdomain.com/privkey1.pem

4. Use the symlinks in the Apache virtual host config:

I use fullchain.pem instead of cert.pem, because this avoids errors in mobile browsers (e.g. “Safari not trusted…”).

SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/host.yourdomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/host.yourdomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/host.yourdomain.com/fullchain.pem

5. Start apache again:

apachectl start

6. In future, update your certs with:

./letsencrypt-auto certonly -d host.yourdomain.com

Or add multiple hosts/domains with:

./letsencrypt-auto certonly -d host1.yourdomain.com -d host2.yourdomain.com -d testserver.yourdomain.com

For those who use nginx instead of apache:

ssl_certificate /etc/letsencrypt/live/host.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/host.yourdomain.com/privkey.pem;
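
Added example (not from the original post or the Let's Encrypt project): a shell lint for the Apache vhost from step 4 that checks every SSLCertificate* path is a working symlink under the live/ directory, so a vhost pinned to a numbered file in archive/ is caught before it keeps serving an old certificate after renewal. The helper names check_vhost_certs and make_sample, the optional live-directory argument and the empty sample files are assumptions constructed for illustration.

```shell
# Added example; check_vhost_certs and make_sample are hypothetical helpers.
# check_vhost_certs CONF [LIVE_DIR]: returns 0 only if every SSLCertificate*
# path is a working symlink below LIVE_DIR, so a renewal is picked up.
check_vhost_certs() {
    conf=$1
    live=${2:-/etc/letsencrypt/live}    # assumed default, as on this page
    rc=0; seen=0
    # Extract "directive path" pairs; commented-out lines do not match.
    pairs=$(awk '$1 ~ /^SSLCertificate(File|KeyFile|ChainFile)$/ {
                     gsub(/"/, "", $2); print $1, $2 }' "$conf")
    while read -r directive file; do
        [ -n "$directive" ] || continue
        seen=$((seen + 1))
        case $file in
            "$live"/*) ;;
            *) echo "FAIL $directive: $file is not below $live"; rc=1; continue ;;
        esac
        if [ ! -L "$file" ]; then
            echo "FAIL $directive: $file is not a symlink"; rc=1
        elif [ ! -f "$file" ]; then
            echo "FAIL $directive: $file is a dangling symlink"; rc=1
        else
            echo "OK   $directive: $file -> $(readlink "$file")"
        fi
    done <<EOF
$pairs
EOF
    [ "$seen" -gt 0 ] || { echo "FAIL no SSLCertificate* directives in $conf"; rc=1; }
    return "$rc"
}

# Constructed sample: empty stand-in files in the live/archive layout above.
make_sample() {
    h=host.yourdomain.com
    mkdir -p "$1/archive/$h" "$1/live/$h"
    for f in cert privkey fullchain; do
        : > "$1/archive/$h/${f}1.pem"
        ln -sf "../../archive/$h/${f}1.pem" "$1/live/$h/$f.pem"
    done
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
        "$1/live/$h/cert.pem" "$1/live/$h/privkey.pem" > "$1/good.conf"
    printf 'SSLCertificateFile %s\nSSLCertificateKeyFile %s\n' \
        "$1/archive/$h/cert1.pem" "$1/live/$h/privkey.pem" > "$1/pinned.conf"
}
# Demo on the constructed sample: good.conf passes, pinned.conf is rejected.
tmp=$(mktemp -d) && make_sample "$tmp"
check_vhost_certs "$tmp/good.conf" "$tmp/live"
check_vhost_certs "$tmp/pinned.conf" "$tmp/live" || echo "pinned.conf rejected"
rm -rf "$tmp"
```

On a real host, call it with the vhost file only, for example before the `apachectl start` in step 5.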

