HOWTO : Sentora (on Centos) Letsencrypt with Python 2.7
04-08-2016, 07:11 PM
(This post was last modified: 04-08-2016, 07:12 PM by jeremyotten.)
As Letsencrypt states that Python 2.6 will no longer be supported in the future, here is my guide to setting it up with 2.7.
Install Python 2.7 on CentOS (with an alternate install, which also leaves 2.6 in place)
Code:
yum install gcc
cd /usr/src
wget https://www.python.org/ftp/python/2.7.10/Python-2.7.10.tgz
tar xzf Python-2.7.10.tgz
cd Python-2.7.10
./configure
make altinstall
Install numpy for Python (because we can)
Code:
yum install python27-numpy
Install the letsencrypt virtual environment based on Python 2.7. This also removes an already installed letsencrypt version.
Code:
yum install git
cd /root/tools
rm -rf /root/tools/letsencrypt
rm -rf /etc/letsencrypt
rm -rf /var/lib/letsencrypt
rm -rf /root/.local/share
git clone https://github.com/letsencrypt/letsencrypt
cd letsencrypt
sed -i "s|--python python2|--python python2.7|" letsencrypt-auto
./letsencrypt-auto --verbose
If you get some kind of ASCII error, just ignore it at this stage.
Code:
service httpd stop
./letsencrypt-auto certonly --standalone -d <your vhost domain>
service httpd start
Changing Sentora port:
On Sentora Panel go to Admin -> Module Admin -> Apache Config -> Override a Virtualhost [Select VHost] ->
Tick Port Override.
Forward Port 80 to Overriden Port: 443
Custom Entry:
Code:
SSLEngine on
SSLProtocol ALL -SSLv2 -SSLv3
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS
SSLCertificateFile /etc/letsencrypt/live/support.randomsolutions.nl/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/support.randomsolutions.nl/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/support.randomsolutions.nl/chain.pem
# Keeping below for future upgrades.
# Requires Apache >= 2.4
# SSLCompression off
Wait for the daemon update or run it manually and restart Apache.
Code:
php -q /etc/sentora/panel/bin/daemon.php
service httpd restart
If you get an error on startup stating that 443 is already in use:
Code:
vi /etc/sentora/configs/apache/httpd-vhosts.conf
put a # before listen 443
To get an A rating on SSL Labs (Qualys), we also need to disable SSLv3 in the main ssl.conf file
Code:
vi /etc/httpd/conf.d/ssl.conf
add -SSLv3 behind SSLProtocol ALL -SSLv2
Code:
service httpd start
NOW FOR THE AUTOMATIC RENEWAL PART: make a cron job
Code:
sudo crontab -e
30 2 * * 1 /root/.local/share/letsencrypt/bin/letsencrypt renew >> /var/log/letsencrypt-renew.log
35 2 * * 1 service httpd restart
Save and exit. This will create a new cron job that will execute the letsencrypt-auto renew command every Monday at 2:30 am, and reload Nginx at 2:35am (so the renewed certificate will be used). The output produced by the command will be piped to a log file located at /var/log/le-renewal.log.
You can verify that it was set OK with:
Code:
crontab -l
Done!
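A quick check for the SSLv3 step in the guide above, as an added example that is not part of the original post: the script scans Apache config files for active SSLProtocol lines that still leave SSLv3 enabled. It assumes `all` includes SSLv3 (as on older Apache builds); the function names and the sample lines in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: list active SSLProtocol lines that
# leave SSLv3 enabled. Assumption: "all" includes SSLv3, as on older Apache builds.

# sslv3_state TOKEN... -> prints "on" or "off" after applying tokens left to right
sslv3_state() {
    v3=off
    for tok in "$@"; do
        case $(printf '%s' "$tok" | tr 'A-Z' 'a-z') in
            all|+all|sslv3|+sslv3) v3=on ;;
            -all|-sslv3)           v3=off ;;
            [+-]*)                 ;;         # +/- of another protocol: SSLv3 unchanged
            *)                     v3=off ;;  # bare protocol name replaces the whole set
        esac
    done
    printf '%s\n' "$v3"
}

# audit_sslprotocol FILE... -> prints "file:line: directive" for each offending
# line; returns 1 if any was found, 0 otherwise. Commented-out lines are ignored.
audit_sslprotocol() {
    bad=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "skip (unreadable): $f" >&2; continue; }
        n=0
        while read -r key rest || [ -n "$key" ]; do
            n=$((n + 1))
            [ "$(printf '%s' "$key" | tr 'A-Z' 'a-z')" = sslprotocol ] || continue
            set -f; state=$(sslv3_state $rest); set +f   # no globbing while splitting
            if [ "$state" = on ]; then
                echo "$f:$n: SSLProtocol $rest"
                bad=1
            fi
        done < "$f"
    done
    return "$bad"
}

# demo: run the audit on a constructed sample config (not a real server file)
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' 'SSLProtocol ALL -SSLv2' '  SSLProtocol ALL -SSLv2 -SSLv3' \
        '#SSLProtocol all' 'sslprotocol TLSv1.2 +SSLv3' > "$tmp"
    rc=0; audit_sslprotocol "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}

if [ "$#" -gt 0 ]; then audit_sslprotocol "$@"; else demo || true; fi
```

Run it with the config files as arguments, for example /etc/httpd/conf.d/ssl.conf and /etc/sentora/configs/apache/httpd-vhosts.conf; a non-zero exit status means at least one line still allows SSLv3.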