SHARE

Let’s Encrypt

Step 1: Install Git

Check the git command, if command not found, you must install git first:

[root@tutorialspots ~]# git
-bash: git: command not found

Read: How to install Git on Centos Linux

Step 2: install ca-certificates and python pip

How to install ca-certificates package on Centos 5.x

How to install package python-pip on Centos

How to install python pip on Linux

Step 3: Installing Client Software

Step 3.1:

git clone https://github.com/letsencrypt/letsencrypt

Result:

[root@tutorialspots ~]# git clone https://github.com/letsencrypt/letsencrypt
Cloning into 'letsencrypt'...
remote: Counting objects: 34957, done.
remote: Compressing objects: 100% (93/93), done.
remote: Total 34957 (delta 46), reused 0 (delta 0), pack-reused 34864
Receiving objects: 100% (34957/34957), 9.39 MiB | 8.81 MiB/s, done.
Resolving deltas: 100% (24827/24827), done.
Checking connectivity... done.

Step 3.2:

cd letsencrypt

Step 3.3

./letsencrypt-auto --help

install letsencrypt linux

Result:

[root@tutorialspots letsencrypt]# ./letsencrypt-auto --help
Bootstrapping dependencies for RedHat-based OSes...
yum is /usr/bin/yum
Loaded plugins: fastestmirror, protectbase, replace
Loading mirror speeds from cached hostfile
 * addons: mirror.netdepot.com
 * base: centos.mirror.constant.com
 * epel: mirror.symnds.com
 * extras: mirror.vcu.edu
 * rpmforge: mirror.rit.edu
 * updates: mirrors.tripadvisor.com
0 packages excluded due to repository protections
Setting up Install Process
Package python-2.4.3-56.el5.i386 already installed and latest version
Package python-devel-2.4.3-56.el5.i386 already installed and latest version
Package python-tools-2.4.3-56.el5.i386 already installed and latest version
No package python-pip available.
Resolving Dependencies
--> Running transaction check
---> Package python-virtualenv.noarch 1:1.7.2-2.el5 set to be updated
--> Processing Dependency: python-setuptools for package: python-virtualenv
--> Running transaction check
---> Package python-setuptools.noarch 0:0.6.14-3.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                 Arch         Version               Repository     Size
================================================================================
Installing:
 python-virtualenv       noarch       1:1.7.2-2.el5         epel          1.1 M
Installing for dependencies:
 python-setuptools       noarch       0.6.14-3.el5          flexbox       424 k

Transaction Summary
================================================================================
Install       2 Package(s)
Upgrade       0 Package(s)

Total download size: 1.5 M
Downloading Packages:
(1/2): python-setuptools-0.6.14-3.el5.noarch.rpm         | 424 kB     00:00
(2/2): python-virtualenv-1.7.2-2.el5.noarch.rpm          | 1.1 MB     00:00
--------------------------------------------------------------------------------
Total                                           1.9 MB/s | 1.5 MB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : python-setuptools                                        1/2
  Installing     : python-virtualenv                                        2/2

Installed:
  python-virtualenv.noarch 1:1.7.2-2.el5

Dependency Installed:
  python-setuptools.noarch 0:0.6.14-3.el5

Complete!
Loaded plugins: fastestmirror, protectbase, replace
Loading mirror speeds from cached hostfile
 * addons: mirror.netdepot.com
 * base: centos.mirror.constant.com
 * epel: mirror.symnds.com
 * extras: mirror.vcu.edu
 * rpmforge: repoforge.spinellicreations.com
 * updates: mirrors.tripadvisor.com
0 packages excluded due to repository protections
Setting up Install Process
Package gcc-4.1.2-55.el5.i386 already installed and latest version
Package dialog-1.0.20051107-1.2.2.i386 already installed and latest version
Package openssl-0.9.8e-39.el5_11.i686 already installed and latest version
Package openssl-devel-0.9.8e-39.el5_11.i386 already installed and latest version
Package redhat-rpm-config-8.0.45-32.el5.centos.noarch already installed and late
st version
Resolving Dependencies
--> Running transaction check
---> Package augeas-libs.i386 0:1.2.0-1.el5 set to be updated
---> Package libffi-devel.i386 0:3.0.9-1.el5.rf set to be updated
--> Processing Dependency: libffi = 3.0.9-1.el5.rf for package: libffi-devel
--> Running transaction check
---> Package libffi.i386 0:3.0.9-1.el5.rf set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package             Arch        Version                  Repository       Size
================================================================================
Installing:
 augeas-libs         i386        1.2.0-1.el5              epel            360 k
Updating:
 libffi-devel        i386        3.0.9-1.el5.rf           rpmforge         16 k
Updating for dependencies:
 libffi              i386        3.0.9-1.el5.rf           rpmforge         87 k

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       2 Package(s)

Total download size: 463 k
Downloading Packages:
(1/3): libffi-devel-3.0.9-1.el5.rf.i386.rpm              |  16 kB     00:00
(2/3): libffi-3.0.9-1.el5.rf.i386.rpm                    |  87 kB     00:00
(3/3): augeas-libs-1.2.0-1.el5.i386.rpm                  | 360 kB     00:00
--------------------------------------------------------------------------------
Total                                           1.3 MB/s | 463 kB     00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : libffi                                                   1/5
  Updating       : libffi-devel                                             2/5
  Installing     : augeas-libs                                              3/5
  Cleanup        : libffi                                                   4/5
  Cleanup        : libffi-devel                                             5/5

Installed:
  augeas-libs.i386 0:1.2.0-1.el5

Updated:
  libffi-devel.i386 0:3.0.9-1.el5.rf

Dependency Updated:
  libffi.i386 0:3.0.9-1.el5.rf

Complete!
Loaded plugins: fastestmirror, protectbase, replace
Loading mirror speeds from cached hostfile
 * addons: mirror.netdepot.com
 * base: centos.mirror.constant.com
 * epel: mirror.symnds.com
 * extras: mirror.vcu.edu
 * rpmforge: mirror.rit.edu
 * updates: mirrors.tripadvisor.com
0 packages excluded due to repository protections
Setting up Install Process
Package 1:mod_ssl-2.2.27-2.i386 already installed and latest version
Nothing to do
Checking for new version...
Creating virtual environment...
Installing Python packages...
Installation succeeded.
Requesting root privileges to run letsencrypt...
   /root/.local/share/letsencrypt/bin/letsencrypt --help

  letsencrypt-auto [SUBCOMMAND] [options] [-d domain] [-d domain] ...

The Let's Encrypt agent can obtain and install HTTPS/TLS/SSL certificates.  By
default, it will attempt to use a webserver both for obtaining and installing
the cert. Major SUBCOMMANDS are:

  (default) run        Obtain & install a cert in your current webserver
  certonly             Obtain cert, but do not install it (aka "auth")
  install              Install a previously obtained cert in a server
  renew                Renew previously obtained certs that are near expiry
  revoke               Revoke a previously obtained certificate
  rollback             Rollback server configuration changes made during install
  config_changes       Show changes made to server config during installation
  plugins              Display information about installed plugins

Choice of server plugins for obtaining and installing cert:

  --apache          Use the Apache plugin for authentication & installation
  --standalone      Run a standalone webserver for authentication
  (nginx support is experimental, buggy, and not installed by default)
  --webroot         Place files in a server's webroot folder for authentication

OR use different plugins to obtain (authenticate) the cert and then install it:

  --authenticator standalone --installer apache

More detailed help:

  -h, --help [topic]    print this message, or detailed help on a topic;
                        the available topics are:

   all, automation, paths, security, testing, or any of the subcommands or
   plugins (certonly, install, nginx, apache, standalone, webroot, etc)

Now, we can use letsencrypt command

Step 4: Use The Client

If you’re using Apache:

/root/.local/share/letsencrypt/bin/letsencrypt --apache

or

/root/letsencrypt/letsencrypt-auto --apache --verbose

Result:

Which names would you like to activate HTTPS for?
letsencrypt usage

Select your domain you want to install Let’s encrypt certificate, then press Enter.

letsencrypt usage enter email address
Enter email address (used for urgent notices and lost key recovery):

Then, press Enter.

install letsencrypt linux 2
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf. You
must agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through
   e-mails sent to tutorialspots.com@gmail.com.
 - Your account credentials have been saved in your Let's Encrypt
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Let's
   Encrypt so making regular backups of this folder is ideal.

If you’re using the “webroot” plugin:

letsencrypt certonly --webroot -w /var/www/tutorialspots -d tutorialspots.com -d www.tutorialspots.com -w /var/www/thing -d thing.is -d m.thing.is

If you’reusing a built-in “standalone” webserver:

letsencrypt certonly --standalone -d tutorialspots.com -d www.tutorialspots.com

Next: How to use SSL certificate free of Let’s Encrypt on Linux – part 2

NO COMMENTS