Getting letsencrypt to run on an ancient CentOS or Red Hat Enterprise Linux 5 system (they still tend to appear in the wild from time to time) can be a major headache. I took some notes during the setup, and I hope you find them useful. You'll need some basic Unix admin skills to follow this recipe, so caution is advised as you go through the procedure.

Sources: http://stackoverflow.com/questions/23548188/how-do-i-compile-python-3-4-with-custom-openssl

Important: You'll need to use Python 2.7.8; anything beyond that version will die with an invalid certificate error during the certbot setup phase.

    # compile openssl from source:
    mkdir -p /server/src && cd /server/src
    wget https://www.openssl.org/source/openssl-1.0.1t.tar.gz
    tar xvzf openssl-1.0.1t.tar.gz && cd openssl-1.0.1t
    ./config --prefix=/server/openssl-1.0.1t shared --openssldir=/server/openssl-1.0.1t/openssl
    make depend && make && make install

    # create a softlink for convenience
    ln -s /server/openssl-1.0.1t /server/openssl

    # Get Python 2.7.8 (the archive is a .tgz and unpacks to Python-2.7.8)
    cd /server/src && wget https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz
    tar xvzf Python-2.7.8.tgz
    cd Python-2.7.8

    # set up compile environment so the build finds the new OpenSSL
    export LDFLAGS="-Wl,-rpath=/server/openssl/lib -L/server/openssl/lib -L/server/openssl/lib64/"
    export LD_LIBRARY_PATH="/server/openssl/lib/:/server/openssl/lib64"
    export CPPFLAGS="-I/server/openssl/include -I/server/openssl/include/openssl"
    ./configure --prefix=/server/python-2.7.8
    make && make install

    # create softlink, adjust PATH
    ln -s /server/python-2.7.8 /server/python; export PATH=/server/python/bin:$PATH

    # install pip in new python version
    # (--no-check-certificate skips TLS verification of this download,
    #  so review get-pip.py before running it)
    wget --no-check-certificate https://bootstrap.pypa.io/get-pip.py
    python2.7 get-pip.py

    # install virtualenv, wheel
    pip install virtualenv wheel

    # git-clone certbot (latest version)
    cd /server/src/ ; git clone https://github.com/certbot/certbot

    # Request a certificate manually (certonly)
    cd certbot; ./letsencrypt-auto certonly --manual -d my.server.tld

    # configuring your webserver of choice is left as an exercise for the reader.
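A check worth running after the Python `make install` step: confirm that the new interpreter is really linked against the OpenSSL under /server/openssl and not the system library. This is an added example, not part of the original recipe; the function names and the PREFIX, PYTHON and WANT variables are assumptions that follow the paths used above.

```shell
#!/bin/sh
# Added example: verify that the self-built Python uses the self-built OpenSSL.
PREFIX=${PREFIX:-/server/openssl}                 # OpenSSL prefix from the recipe
PYTHON=${PYTHON:-/server/python/bin/python2.7}    # interpreter built by the recipe
WANT=${WANT:-1.0.1t}                              # OpenSSL version that was compiled

# version_matches "<ssl.OPENSSL_VERSION string>" "<wanted version>"
# Succeeds only if the second word of the string equals the wanted version.
version_matches() {
    got=$(printf '%s\n' "$1" | awk '{print $2}')
    [ "$got" = "$2" ]
}

# libs_under_prefix "<ldd output>" "<prefix>"
# Prints every libssl/libcrypto line that does not resolve below the prefix
# ("not found" included). Fails on any such line or if neither library is listed.
libs_under_prefix() {
    printf '%s\n' "$1" | awk -v p="$2" '
        /lib(ssl|crypto)\.so/ {
            seen++
            # ldd line: "libssl.so.1.0.0 => /path/libssl.so.1.0.0 (0x...)"
            if (index($3, p "/") != 1) { print "BAD: " $0; bad++ }
        }
        END { exit (bad > 0 || seen == 0) ? 1 : 0 }'
}

# Ask the interpreter which OpenSSL it reports, then inspect its _ssl module.
check_python_openssl() {
    ver=$("$PYTHON" -c 'import ssl; print(ssl.OPENSSL_VERSION)') || return 1
    sofile=$("$PYTHON" -c 'import _ssl; print(_ssl.__file__)') || return 1
    version_matches "$ver" "$WANT" || { echo "linked against: $ver" >&2; return 1; }
    libs_under_prefix "$(ldd "$sofile")" "$PREFIX"
}

if [ -x "$PYTHON" ]; then
    check_python_openssl && echo "OK: $PYTHON uses OpenSSL $WANT from $PREFIX"
else
    # Interpreter not present: run the ldd check on a constructed sample line
    # that shows the failure case (module resolved to the system libssl).
    sample='	libssl.so.6 => /lib64/libssl.so.6 (0x00002b0000000000)'
    libs_under_prefix "$sample" "$PREFIX" || echo "sample: system libssl detected"
fi
```

If the check fails, the `_ssl` module was built against the system headers or resolves the system library at run time; re-export LDFLAGS, LD_LIBRARY_PATH and CPPFLAGS and rebuild Python before going on to pip and certbot.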
On Centos five, the letsencrypt keeps checking for packages, and drops an error…
maybe an additional switch is needed for letsencrypt to skip checking …
-bash-3.2# ./letsencrypt-auto certonly --manual -d xxxx
Bootstrapping dependencies for RedHat-based OSes…
yum is /usr/bin/yum
Loaded plugins: fastestmirror, priorities, replace
Loading mirror speeds from cached hostfile
This isn't too bad of a howto except that it doesn't actually work. With older CentOS’s 5 to 5.5 etc, Apache does not have the required SSL support that certbot uses. You should mention this so that people don't spend 5 weeks trying to figure out why you had to use the --manual switch.
Invalid command 'SSLStrictSNIVHostCheck', perhaps misspelled or defined by a module not included in the server configuration <-- This is the only reason why manual switch is needed.