As Letsencryp states that 2.6 is no longer supported in the future here is my guide to set it up with 2.7
Install Python 2.7 op Centos (with alternate install which leaves 2.6 also in place)
Everything should be done under Root User!
yum install gcc
cd /usr/src
wget https://www.python.org/ftp/python/2.7.10/Python-2.7.10.tgz
tar xzf Python-2.7.10.tgz
cd Python-2.7.10
./configure
make altinstall
Install numpy for Python (because we can)
yum install python27-numpy
Install the letsencrypt Virtual Environment based on Python 2.7 this also removes an already installed letsencrypt version
yum install git
cd /root/tools
rm -rf /root/tools/letsencrypt
rm -rf /etc/letsencrypt
rm -rf /var/lib/letsencrypt
rm -rf /root/.local/share
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
./letsencrypt-auto --verbose
If you get somekind of ascii error just ignore @ this stage..
service httpd stop
./letsencrypt-auto certonly --standalone -d <your vhost domain>
service httpd start
Changing Sentora port:
On Sentora Panel go to Admin -> Module Admin -> Apache Config > Override a Virtualhost [Select VHost] ->
Tick Port Override.
Forward Port 80 to Overriden Port: 443
Custom Entry:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/support.randomsolutions.nl/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/support.randomsolutions.nl/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/support.randomsolutions.nl/chain.pem
# Keeping bellow for future upgrades.
# Requires Apache >= 2.4
# SSLCompression off
Wait on daemon update or run it manually and restart apache.
php -q /etc/sentora/panel/bin/daemon.php
service httpd restart
When you get an error on starting stating that 443 is already in use
vi /etc/sentora/configs/apache/httpd-vhosts.conf
put a # before listen 443
How to get an A rating on SSLlabs (Qualys) we also need to disable SSLv3 in the main ssl.conf file
vi /etc/httpd/conf.d/ssl.conf
add -SSLv3 behind SSLProtocol ALL -SSLv2
done!
service httpd start
NOW FOR THE AUTOMATIC RENEWAL PART make a Cronjob
sudo crontab -e
30 2 * * 1 /root/.local/share/letsencrypt/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log
35 2 * * 1 service httpd restart
Save and exit. This will create a new cron job that will execute the letsencrypt-auto renew command every Monday at 2:30 am, and reload Nginx at 2:35am (so the renewed certificate will be used). The output produced by the command will be piped to a log file located at /var/log/le-renewal.log.
You can verify if it was set OK by
crontab -l
Done! No Thanks