Letsencrypt
Introduction
Let’s Encrypt is a new Certificate Authority: It’s free, automated, and open. It's main purpose is to allow people to encrypt the internet traffic by a very simple system.
The certs delivred must be renew every 3 months.
Installation
followed instructions at http://wiki.contribs.org/Software_Collections and the python related wiki page specifically.
add the 2.7 scl-repository by following : http://wiki.contribs.org/Scl#tab=Python27
Then : yum install python27 --enablerepo=scl-python27
at this time : scl enable python27 bash
To use Let's Encrypt run:
mkdir src cd src git clone https://github.com/letsencrypt/letsencrypt.git cd letsencrypt service httpd-e-smith stop ./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk
Replacing email and domains as required. Then configure SME with the certificates generated:
config setprop modSSL crt /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem config setprop modSSL key /etc/letsencrypt/live/test.firstdomain.co.uk/privkey.pem config setprop modSSL CertificateChainFile /etc/letsencrypt/live/test.firstdomain.co.uk/fullchain.pem signal-event post-upgrade; signal-event reboot
Source from info
Source: http://forums.contribs.org/index.php/topic,51961.msg266680.html#msg266680
Renew of the certs
A simple bash to renew cert :
#!/bin/bash source /opt/rh/python27/enable export X_SCLS="`scl enable python27 'echo $X_SCLS'`" service httpd-e-smith stop cd /src/letsencrypt ./letsencrypt-auto certonly --standalone --email me@mydomain.co.uk -d test.firstdomain.co.uk -d seconddomain.co.uk -d www.seconddomain.co.uk --renew-by-default service httpd-e-smith start