allella · August 5, 2016 15:38 · allella · Feb 18, 2016
diff --git a/gistfile1.txt b/gistfile1.txt
 # Change to the root user
 su root

 # EPEL is used by Letsencrypt auto to install packages it needs. This doesn't install anything, it just means 
 # extra packages in this Linux repo are available for installation
 yum install epel-release

 # Ideally you'd already have, or else install, Python 2.7 to avoid certain Python related messages, but if you
 # don't want to bother it will work with Python 2.6
 # See https://digitz.org/blog/lets-encrypt-ssl-centos-7-setup/ for more on Python 2.7 and CentOS
 # IF you need to keep Python 2.6 then the --debug flag must be used. It won't hurt to always use --debug

 # Download Let's Encrypt
 cd /opt/ && git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt

 # We'll now the run letsencrypt-auto command below and the first time it will install packages from the EPEL repository
 # specify your domain values, email, and the public root path of your domain. Obviously, change example.com
 # and the example email to your values. The first domain name (-d) is the "subject" and the second (-d) is
 # the "Alternative". You can only specify 1 subdomain and the base domain. So, don't try adding multiple
 # subdomains or a wildcard
 # This will automatically agree to the Terms of Service so there are no UI prompts
 /opt/letsencrypt/letsencrypt-auto certonly --debug --agree-tos --email [email protected] --renew-by-default -a webroot --webroot-path /home/example/public_html -d www.example.com -d example.com

 # Backup your Apache confige files before you mess with them. SSL errors (or lack their of) can be hard to debug
 # Then, for Apache users, you need to edit your Virtual Host and add three lines to link the certificate files with your domain
 vi /etc/httpd/conf/httpd.conf

 # add these, changing example.com for your domain/directory name
 # not that IF you have multiple domains on the same IP address you may need to rework your Apache configuration
 # like here, or Google it, https://gist.github.com/allella/b2de20d3df17a867f3c3
 SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
 SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
 SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem

 # and then check there are no Apache errors
 /usr/sbin/apachectl configtest

 # and then reload Apache
 /etc/init.d/httpd reload
 # or on CentOS 7 the reload command is
 systemctl reload httpd

 # You can now setup a cron job / tab like
 vi crontab -e

 # and add a line like this, again, changing example.com and example to your values
 # Renew Letsencrypt SSL certs on the 22nd of each month at 5:25am
 # A certificate is good for 3 months, so you could run it every three months. For simplicity this example runs each month
 # but you could change the first * to something like 1,4,7,10
 25 5 22 * * /opt/letsencrypt/letsencrypt-auto certonly --debug --agree-tos --email [email protected] --renew-by-default -a webroot --webroot-path /home/example/public_html -d www.example.com -d example.com

 #You may find it necessary to run a cronjob to update Let's Encyrpt every month or so to prevent a situation where an out of date Let's Encyrpt causes a console message and breaks the auto renew.  That would look something like

 20 5 22 * * cd /opt/letsencrypt && git pull
	# Change to the root user
	su root

	# EPEL is used by Letsencrypt auto to install packages it needs. This doesn't install anything, it just means
	# extra packages in this Linux repo are available for installation
	yum install epel-release

	# Ideally you'd already have, or else install, Python 2.7 to avoid certain Python related messages, but if you
	# don't want to bother it will work with Python 2.6
	# See https://digitz.org/blog/lets-encrypt-ssl-centos-7-setup/ for more on Python 2.7 and CentOS
	# IF you need to keep Python 2.6 then the --debug flag must be used. It won't hurt to always use --debug

	# Download Let's Encrypt
	cd /opt/ && git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt

	# We'll now the run letsencrypt-auto command below and the first time it will install packages from the EPEL repository
	# specify your domain values, email, and the public root path of your domain. Obviously, change example.com
	# and the example email to your values. The first domain name (-d) is the "subject" and the second (-d) is
	# the "Alternative". You can only specify 1 subdomain and the base domain. So, don't try adding multiple
	# subdomains or a wildcard
	# This will automatically agree to the Terms of Service so there are no UI prompts
	/opt/letsencrypt/letsencrypt-auto certonly --debug --agree-tos --email [email protected] --renew-by-default -a webroot --webroot-path /home/example/public_html -d www.example.com -d example.com

	# Backup your Apache confige files before you mess with them. SSL errors (or lack their of) can be hard to debug
	# Then, for Apache users, you need to edit your Virtual Host and add three lines to link the certificate files with your domain
	vi /etc/httpd/conf/httpd.conf

	# add these, changing example.com for your domain/directory name
	# not that IF you have multiple domains on the same IP address you may need to rework your Apache configuration
	# like here, or Google it, https://gist.github.com/allella/b2de20d3df17a867f3c3
	SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
	SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem

	# and then check there are no Apache errors
	/usr/sbin/apachectl configtest

	# and then reload Apache
	/etc/init.d/httpd reload
	# or on CentOS 7 the reload command is
	systemctl reload httpd

	# You can now setup a cron job / tab like
	vi crontab -e

	# and add a line like this, again, changing example.com and example to your values
	# Renew Letsencrypt SSL certs on the 22nd of each month at 5:25am
	# A certificate is good for 3 months, so you could run it every three months. For simplicity this example runs each month
	# but you could change the first * to something like 1,4,7,10
	25 5 22 * * /opt/letsencrypt/letsencrypt-auto certonly --debug --agree-tos --email [email protected] --renew-by-default -a webroot --webroot-path /home/example/public_html -d www.example.com -d example.com

	#You may find it necessary to run a cronjob to update Let's Encyrpt every month or so to prevent a situation where an out of date Let's Encyrpt causes a console message and breaks the auto renew. That would look something like

	20 5 22 * * cd /opt/letsencrypt && git pull