Select Page

How to setup Let’s Encrypt in CentOS 6 and CentOS 7

How to setup Let’s Encrypt in CentOS 6 and CentOS 7

Setting up SSL is a costly, and often tedious process.

A decent 2048-bit certificate costs at least $149/yr, and requires the webmaster to generate a CSR, submit it to the CA, reconfigure the web server, and troubleshoot any errors.

It’s then no surprise that many webmasters choose not to get an SSL. But such websites are more susceptible to web-based attacks, and contributes to an insecure internet.

letsencrypt centos - green light Bobcares

That HTTPS green light shows that the content is reliable

Internet Security Research Group, a non-profit organization came up with a solution – Free certificates with automated provisioning. Towards this goal they setup an Open Certificate Authority called Let’s Encrypt.

How Let’s Encrypt works

With traditional Certificate Authorities, a webmaster proves their ownership of a domain by generating a CSR with their domain name, and by using a verifiable email ID.

Let’s Encrypt simplified this process by automating the domain validation.

A client program in your server takes over the role of the webmaster. It then proves to the Let’s Encrypt Certificate server that it can modify the domain contents, and generate a CSR for the domain name. It goes something like this:

Let's Encrypt in CentOS 6 and CentOS 7 - how it works

The Let’s Encrypt client process runs with “root” privileges, which is possible only for the domain owner.

Setting up Let’s Encrypt in CentOS 6 and CentOS 7

Let’s Encrypt recommends many client programs that are compatible with CentOS.

We feel CertBot from the non-profit Electronic Frontier Foundation is a good tool – if used correctly. Let’s get to that.

1. Update your system

CertBot needs a lot of packages in it’s latest version for it’s proper functioning. So, first off, update all your packages with:

# yum -y update

Then, install the EPEL (Extra Packages for Enterprise Linux) repository, to provide the latest Python packages for CertBot.

# yum -y install epel-release

Note : If your server is custom configured, an upgrade might break your website. If you suspect something like that, consult a server expert.

2. Get CertBot from EFF

CertBot is available in CentOS 7 EPEL repositories. So, if you’re on CentOS 7, install CertBot with:

# yum -y install python-certbot-apache

If you are on CentOS 6, download and make the program executable by:

# wget https://dl.eff.org/certbot-auto

# chmod 755 certbot-auto

[ Managing your web server infrastructure doesn’t have to be hard, or costly. Get world class server administration services at affordable pricing. ]


Get your web servers stable!

Worried about upgrades and service errors in your web servers? Let us help you.

GET IN TOUCH WITH AN EXPERT NOW!


Bobcares provides Outsourced Hosting Support for online businesses. Our services include Outsourced Web Hosting Support, Outsourced Server Support, Outsourced Help Desk Support, Outsource Live Chat Support and Phone Support Services.

2 Comments

  1. I used your instructions to install certbot on Centos 7 python2.7 apache2 and found similar instructions elsewhere but with same results.

    Trust that you can help.
    Thanx
    This is the error I get when:
    certbot –apache
    Traceback (most recent call last):
    File “/usr/bin/certbot”, line 9, in
    load_entry_point(‘certbot==0.18.1’, ‘console_scripts’, ‘certbot’)()
    File “/usr/lib/python2.7/site-packages/pkg_resources/__init__.py”, line 570, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
    File “/usr/lib/python2.7/site-packages/pkg_resources/__init__.py”, line 2755, in load_entry_point
    return ep.load()
    File “/usr/lib/python2.7/site-packages/pkg_resources/__init__.py”, line 2409, in load
    return self.resolve()
    File “/usr/lib/python2.7/site-packages/pkg_resources/__init__.py”, line 2415, in resolve
    module = __import__(self.module_name, fromlist=[‘__name__’], level=0)
    ImportError: No module named certbot.main

    Reply
    • This error can happen due to many reasons such as python compatibility problem or cache. Please submit your details at https://bobcares.com/contact-us/ , as our server specialists can check your server and get back to you with the fix.

      Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Bobcares
Bobcares is a server management company that helps businesses deliver uninterrupted and secure online services. Our engineers manage close to 51,500 servers that include virtualized servers, cloud infrastructure, physical server clusters, and more.
MORE ABOUT BOBCARES