Setting up & running letsencrypt a.k.a. certbot on CentOS / RHEL 5 systems

 

Getting letsencrypt to run on an ancient CentOS or Red Hat Enterprise Linux 5 system (they still tend to appear in the wild from time to time) can be a major headache. I took some notes during the setup; I hope you find them useful. You'll need some basic Unix admin skills in order to follow this recipe, so caution is advised as you go through the procedure.

Sources: 

http://stackoverflow.com/questions/23548188/how-do-i-compile-python-3-4-with-custom-openssl



Important: You'll need to use Python 2.7.8; anything beyond that version will
die with an invalid certificate error during the certbot setup phase.



# compile openssl from source:

mkdir -p /server/src && cd /server/src

wget https://www.openssl.org/source/openssl-1.0.1t.tar.gz


tar xvzf openssl-1.0.1t.tar.gz && cd openssl-1.0.1t

./config --prefix=/server/openssl-1.0.1t shared --openssldir=/server/openssl-1.0.1t/openssl


make depend && make && make install

# create a softlink for convenience 

ln -s /server/openssl-1.0.1t /server/openssl

# Get Python 2.7.8

cd /server/src && wget https://www.python.org/ftp/python/2.7.8/Python-2.7.8.tgz


tar xvzf Python-2.7.8.tgz

cd Python-2.7.8

# set up compile environment

export LDFLAGS="-Wl,-rpath=/server/openssl/lib -L/server/openssl/lib -L/server/openssl/lib64/"

export LD_LIBRARY_PATH="/server/openssl/lib/:/server/openssl/lib64"

export CPPFLAGS="-I/server/openssl/include -I/server/openssl/include/openssl"

./configure --prefix=/server/python-2.7.8

make && make install

# create softlink, adjust PATH

ln -s /server/python-2.7.8 /server/python; export PATH=/server/python/bin:$PATH

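# install pip in new python version
# (--no-check-certificate turns off TLS certificate verification, so the
# download is unauthenticated; read get-pip.py before running it)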

wget --no-check-certificate https://bootstrap.pypa.io/get-pip.py

python2.7 get-pip.py

# install virtualenv, wheel

pip install virtualenv wheel

# git-clone certbot (latest version)

cd /server/src/ ; git clone https://github.com/certbot/certbot

# Request a certificate manually (certonly)

cd certbot; ./letsencrypt-auto certonly --manual -d my.server.tld 

# configuring your webserver of choice is left as an exercise for the reader.
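
Before requesting a certificate it is worth confirming that the new Python really picked up the self-built OpenSSL, because Python's build carries on even when the _ssl module could not be compiled. The script below is an added example, not part of the original notes; it uses the paths from the recipe, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: check that the new Python uses the OpenSSL built above.
# Paths come from the recipe; the function names are made up here.

# $1 = ldd output for _ssl.so, $2 = OpenSSL prefix.
# Succeeds only if libssl and libcrypto both appear and each one resolves
# to a file below the prefix (not the system copy, not "not found").
ssl_libs_from_prefix() {
    printf '%s\n' "$1" | awk -v p="$2/" '
        /libssl\.so/    { ssl = 1 }
        /libcrypto\.so/ { crypto = 1 }
        /libssl\.so|libcrypto\.so/ { if (index($0, "=> " p) == 0) bad = 1 }
        END { exit !(ssl && crypto && !bad) }'
}

# $1 = value of ssl.OPENSSL_VERSION, $2 = expected version, e.g. 1.0.1t
openssl_version_matches() {
    case "$1" in
        "OpenSSL $2 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# $1 = python binary, $2 = OpenSSL prefix, $3 = expected version.
# The imports fail if the _ssl module was never built.
verify_build() {
    ver=$("$1" -c 'import ssl; print(ssl.OPENSSL_VERSION)') || return 1
    so=$("$1" -c 'import _ssl; print(_ssl.__file__)') || return 1
    openssl_version_matches "$ver" "$3" ||
        { echo "unexpected OpenSSL: $ver" >&2; return 1; }
    ssl_libs_from_prefix "$(ldd "$so")" "$2" ||
        { echo "$so is not linked against $2" >&2; return 1; }
    echo "OK: $ver, loaded from $2"
}

# Only runs where the recipe's Python is installed.
PY=/server/python/bin/python2.7
if [ -x "$PY" ]; then
    verify_build "$PY" /server/openssl 1.0.1t
fi
```

A failure here means certbot would run against the system OpenSSL or without TLS support at all, so rebuild Python with the LDFLAGS and CPPFLAGS exports in place before going on.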

 
