HOWTO : Sentora (on Centos) Letsencrypt with Python 2.7

As Letsencryp states that 2.6 is no longer supported in the future here is my guide to set it up with 2.7

Install Python 2.7 op Centos (with alternate install which leaves 2.6 also in place)

Everything should be done under Root User!

yum install gcc
cd /usr/src
tar xzf Python-2.7.10.tgz
cd Python-2.7.10
make altinstall

Install numpy for Python (because we can)

yum install python27-numpy

Install the letsencrypt Virtual Environment based on Python 2.7 this also removes an already installed letsencrypt version


yum install git
cd /root/tools
rm -rf /root/tools/letsencrypt
rm -rf /etc/letsencrypt
rm -rf /var/lib/letsencrypt
rm -rf /root/.local/share
git clone
cd letsencrypt
sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
./letsencrypt-auto --verbose

If you get somekind of ascii error just ignore @ this stage..


service httpd stop
./letsencrypt-auto certonly --standalone -d <your vhost domain>
service httpd start

Changing Sentora port:
On Sentora Panel go to Admin -> Module Admin -> Apache Config > Override a Virtualhost [Select VHost] -> 
Tick Port Override.
Forward Port 80 to Overriden Port: 443

Custom Entry:

SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/
SSLCertificateChainFile /etc/letsencrypt/live/
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
# SSLCompression off

Wait on daemon update or run it manually and restart apache.

php -q /etc/sentora/panel/bin/daemon.php
service httpd restart

When you get an error on starting stating that 443 is already in use

vi /etc/sentora/configs/apache/httpd-vhosts.conf
put a # before listen 443

How to get an A rating on SSLlabs (Qualys) we also need to disable SSLv3 in the main ssl.conf file

vi /etc/httpd/conf.d/ssl.conf
add -SSLv3 behind SSLProtocol ALL -SSLv2


service httpd start



sudo crontab -e
30 2 * * 1 /root/.local/share/letsencrypt/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log
35 2 * * 1 service httpd restart

Save and exit. This will create a new cron job that will execute the letsencrypt-auto renew command every Monday at 2:30 am, and reload Nginx at 2:35am (so the renewed certificate will be used). The output produced by the command will be piped to a log file located at /var/log/le-renewal.log.

You can verify if it was set OK by

crontab -l

Done! No Thanks