Setting up & running letsencrypt a.k.a. certbot on CentOS / RHEL 5 systems


Getting letsencrypt to run on an ancient CentOS or Red Hat Enterprise Linux 5 system (they still tend to appear in the wild from time to time) can be a major headache. I took some notes during the setup; I hope you find them useful. You'll need some basic Unix admin skills to follow this recipe, so caution is advised as you go through the procedure.


Important: You'll need to use Python 2.7.8; anything beyond that version will
die with an invalid certificate error during the certbot setup phase.

# compile openssl from source:

mkdir -p /server/src && cd /server/src


tar xvzf openssl-1.0.1t.tar.gz && cd openssl-1.0.1t

./config --prefix=/server/openssl-1.0.1t shared --openssldir=/server/openssl-1.0.1t/openssl

make depend && make && make install

# create a softlink for convenience 

ln -s /server/openssl-1.0.1t /server/openssl

# Get Python 2.7.8

cd /server/src && wget

tar xvzf Python-2.7.8.tar.gz

cd Python-2.7.8

# set up compile environment

export LDFLAGS="-Wl,-rpath=/server/openssl/lib -L/server/openssl/lib -L/server/openssl/lib64/"

export LD_LIBRARY_PATH="/server/openssl/lib/:/server/openssl/lib64"

export CPPFLAGS="-I/server/openssl/include -I/server/openssl/include/openssl"

./configure --prefix=/server/python-2.7.8

make && make install

# create softlink, adjust PATH

ln -s /server/python-2.7.8 /server/python; export PATH=/server/python/bin:$PATH

# install pip in new python version

wget --no-check-certificate


# install virtualenv, wheel

pip install virtualenv wheel

# git-clone certbot (latest version)

cd /server/src/ ; git clone

# Request a certificate manually (certonly)

cd certbot; ./letsencrypt-auto certonly --manual -d my.server.tld 

# configuring your webserver of choice is left as an exercise for the reader.
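
The whole recipe depends on the new Python actually being linked against /server/openssl and not the distribution's OpenSSL, so it is worth checking right after the Python "make install" and before installing pip. The script below is an added example, not part of the original notes; the function names are made up, and the 1.0.1 minimum is an assumption taken from the release line this recipe builds.

```shell
#!/bin/sh
# Added example, not from the original notes. Paths are the recipe's own;
# the function names are made up for this check.
PYTHON=/server/python/bin/python
OPENSSL_PREFIX=/server/openssl

# Succeeds if an ssl.OPENSSL_VERSION string names OpenSSL 1.0.1 or newer.
openssl_version_ok() {
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^OpenSSL \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 1
    major=${ver%%.*}; rest=${ver#*.}; minor=${rest%%.*}; patch=${rest#*.}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -eq 1 ] || return 1
    [ "$minor" -gt 0 ] && return 0
    [ "$patch" -ge 1 ]
}

# Reads ldd output on stdin; succeeds only if every libssl entry resolves
# to a file below the prefix given as $1.
libssl_under_prefix() {
    awk -v p="$1/" '
        $1 ~ /^libssl\.so/ && $2 == "=>" { found = 1; if (index($3, p) != 1) bad = 1 }
        END { exit !(found && !bad) }'
}

# Checks the interpreter built by the recipe: ssl version, then linkage.
check_python_ssl() {
    v=$("$PYTHON" -c 'import ssl; print(ssl.OPENSSL_VERSION)') || return 1
    openssl_version_ok "$v" || { echo "ssl module reports: $v" >&2; return 1; }
    so=$("$PYTHON" -c 'import _ssl; print(_ssl.__file__)') || return 1
    # Drop LD_LIBRARY_PATH so only the rpath set through LDFLAGS is tested.
    (unset LD_LIBRARY_PATH; ldd "$so") | libssl_under_prefix "$OPENSSL_PREFIX" || {
        echo "$so does not load libssl from $OPENSSL_PREFIX" >&2; return 1; }
    echo "OK: $v, libssl loaded from $OPENSSL_PREFIX"
}

# Run only where the recipe's interpreter exists.
if [ -x "$PYTHON" ]; then check_python_ssl; fi
```

If the check fails, re-export LDFLAGS and CPPFLAGS as shown above and rebuild Python from a clean source tree before continuing.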


