HOWTO : Sentora (on Centos) Letsencrypt with Python 2.7

As Let's Encrypt states that Python 2.6 will no longer be supported in the future, here is my guide to setting it up with 2.7.

Install Python 2.7 on CentOS (as an alternate install, which also leaves 2.6 in place)

Everything should be done as the root user!

yum install gcc
cd /usr/src
wget https://www.python.org/ftp/python/2.7.10/Python-2.7.10.tgz
tar xzf Python-2.7.10.tgz
cd Python-2.7.10
./configure
make altinstall


Install numpy for Python (because we can)

yum install python27-numpy


Install the letsencrypt virtual environment based on Python 2.7. This also removes any already installed letsencrypt version.

 

yum install git
mkdir -p /root/tools
cd /root/tools
rm -rf /root/tools/letsencrypt
rm -rf /etc/letsencrypt
rm -rf /var/lib/letsencrypt
rm -rf /root/.local/share
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
./letsencrypt-auto --verbose


If you get some kind of ASCII error, just ignore it at this stage.

 

service httpd stop
./letsencrypt-auto certonly --standalone -d <your vhost domain>
service httpd start


Changing Sentora port:
On the Sentora panel go to Admin -> Module Admin -> Apache Config -> Override a Virtualhost [Select VHost], then:
Tick Port Override.
Forward Port 80 to Overriden Port: 443

Custom Entry:

SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/support.randomsolutions.nl/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/support.randomsolutions.nl/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/support.randomsolutions.nl/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
# SSLCompression off


Wait for the Sentora daemon update, or run it manually, and then restart Apache.

php -q /etc/sentora/panel/bin/daemon.php
service httpd restart


If you get an error on starting stating that port 443 is already in use:

vi /etc/sentora/configs/apache/httpd-vhosts.conf
put a # in front of the Listen 443 line


To get an A rating on SSL Labs (Qualys) we also need to disable SSLv3 in the main ssl.conf file:

vi /etc/httpd/conf.d/ssl.conf
add -SSLv3 after SSLProtocol ALL -SSLv2

 

service httpd start

done!
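
To confirm that no SSLProtocol directive still leaves SSLv3 enabled after the edits above, here is an added check (not part of the original guide). The function names sslv3_audit and write_sample_conf and the sample config are made up for this example; on the server, point sslv3_audit at /etc/httpd/conf.d/ssl.conf and /etc/sentora/configs/apache/httpd-vhosts.conf.

```shell
#!/bin/sh
# Added example, not from the original guide. Sample config is constructed.

# Print "file:line: directive" for every SSLProtocol line that leaves SSLv3
# enabled; return 1 if any is found. $1 = Apache config file.
sslv3_audit() {
    awk -v f="$1" '
    /^[ \t]*#/ { next }                        # ignore commented-out lines
    tolower($1) == "sslprotocol" {
        v3 = 0
        for (i = 2; i <= NF; i++) {            # tokens apply left to right
            t = tolower($i)
            sign = substr(t, 1, 1)
            if (sign == "+" || sign == "-") {
                t = substr(t, 2)
            } else {
                sign = ""
            }
            if (t == "all" || t == "sslv3") {
                v3 = (sign != "-")             # all/SSLv3 added or removed
            } else if (sign == "") {
                v3 = 0                         # bare name replaces the set
            }
        }
        if (v3) { printf "%s:%d: %s\n", f, NR, $0; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: line 1 mimics an unedited ssl.conf, line 4 the vhost entry.
write_sample_conf() {
    cat > "$1" <<'EOF'
SSLProtocol ALL -SSLv2
# SSLProtocol all
<VirtualHost *:443>
    SSLProtocol ALL -SSLv2 -SSLv3
</VirtualHost>
EOF
}

conf=$(mktemp) && write_sample_conf "$conf"
sslv3_audit "$conf" || echo "SSLv3 is still enabled on the lines above"
rm -f "$conf"
```

A non-zero exit status means at least one active SSLProtocol line still needs -SSLv3.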

NOW FOR THE AUTOMATIC RENEWAL PART: make a cron job
 

sudo crontab -e
30 2 * * 1 /root/.local/share/letsencrypt/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log
35 2 * * 1 service httpd restart


Save and exit. This will create a new cron job that will execute the letsencrypt renew command every Monday at 2:30 am, and restart Apache (httpd) at 2:35 am (so the renewed certificate will be used). The output produced by the command will be appended to a log file located at /var/log/letsencrypt-renew.log.

You can verify that it was set correctly with:

crontab -l


Done!