CentOS5.11配置Let's Encrypt免費證書

安裝環境：

[root@WQ02 opt]# lsb_release -a
LSB Version:	:core-4.0-amd64:core-4.0-ia32:core-4.0-noarch:graphics-4.0-amd64:graphics-4.0-ia32:graphics-4.0-noarch:printing-4.0-amd64:pri
nting-4.0-ia32:printing-4.0-noarchDistributor ID:	CentOS
Description:	CentOS release 5.11 (Final)
Release:	5.11
Codename:	Final

一、下載certbot-auto：

wget https://dl.eff.org/certbot-auto
chmod   a+x   ./certbot-auto

二、升級Python到2.7版本。Centos5系統Python爲2.4版本。certbot-auto須要依賴Python2.7+版本。

wget https://www.python.org/ftp/python/2.7.2/Python-2.7.2.tgz
tar xfz Python-2.7.2.tgz
./configure
make
make install

安裝後系統自動默認Python爲新版本。

[root@WQ02 opt]# python -V
Python 2.7.2

若是升級python後yum沒法使用時可按照以下方法處理。

vim /usr/bin/yum
將第一個行#!/usr/bin/python調整爲原來python版本。如#!/usr/bin/python2.4

我本服務器的python升級到2.7.2後yum可正常使用。

三、安裝pip

wget https://files.pythonhosted.org/packages/52/85/b160ebdaa84378df6bb0176d4eed9f57edca662446174eead7a9e2e566d6/pip-6.0.7.tar.gz
tar xfz pip-6.0.7.tar.gz
./configure
make
make install

四、開始安裝證書

[root@WQ02 opt]# ./certbot-auto certonly --webroot -w /www1/abc/ -d www.abc.org.cn
Bootstrapping dependencies for RedHat-based OSes... (you can skip this with --no-bootstrap)
yum is /usr/bin/yum
yum is hashed (/usr/bin/yum)
Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
 * epel: pubmirror2.math.uh.edu
Setting up Install Process
Package gcc-4.1.2-55.el5.x86_64 already installed and latest version
Package augeas-libs-1.2.0-1.el5.x86_64 already installed and latest version
Package augeas-libs-1.2.0-1.el5.i386 already installed and latest version
Package openssl-0.9.8e-40.el5_11.x86_64 already installed and latest version
Package openssl-0.9.8e-40.el5_11.i686 already installed and latest version
Package openssl-devel-0.9.8e-40.el5_11.x86_64 already installed and latest version
Package openssl-devel-0.9.8e-40.el5_11.i386 already installed and latest version
Package libffi-devel-3.0.5-1.el5.x86_64 already installed and latest version
Package libffi-devel-3.0.5-1.el5.i386 already installed and latest version
Package redhat-rpm-config-8.0.45-32.el5.centos.noarch already installed and latest version
No package ca-certificates available.
Package python-devel-2.4.3-56.el5.x86_64 already installed and latest version
Package python-devel-2.4.3-56.el5.i386 already installed and latest version
Package 1:python-virtualenv-1.7.2-2.el5.noarch already installed and latest version
Package python-tools-2.4.3-56.el5.x86_64 already installed and latest version
No package python-pip available.
Package 1:mod_ssl-2.2.22-jason.1.x86_64 already installed and latest version
Nothing to do
WARNING: unable to check for updates.
Creating virtual environment...
Traceback (most recent call last):
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 2441, in <module>
    main()
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 954, in main
    never_download=options.never_download)
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 1064, in create_environment
    search_dirs=search_dirs, never_download=never_download)
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 598, in install_setuptools
    search_dirs=search_dirs, never_download=never_download)
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 570, in _install_req
    cwd=cwd)
  File "/usr/lib/python2.4/site-packages/virtualenv.py", line 1032, in call_subprocess
    % (cmd_desc, proc.returncode))
OSError: Command /opt/eff.org/certbot/venv/bin/python2.7 -c "#!python
\"\"\"Bootstra...sys.argv[1:])
" --always-copy -U setuptools failed with error code 1

問題排查：問題是出如今Creating virtual environment...。即建立python虛擬環境時出錯的。問題找到了那麼手動提早安裝好虛擬環境是否是就能解決問題呢？

執行手動安裝

[root@WQ02 opt]#  pip install virtualenv
Collecting virtualenv
  Could not find any downloads that satisfy the requirement virtualenv
  No distributions at all found for virtualenv

仍是失敗，問題緣由是沒有找到對應的下載包。

嘗試更改成國內的鏡像站https://mirrors.tuna.tsinghua.edu.cn/help/pypi/。果真成功了。

[root@WQ02 opt]# pip install -i https://pypi.tuna.tsinghua.edu.cn/simple virtualenv
Collecting virtualenv
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/6a/d1/e0d142ce7b8a5c76adbfad01d853bca84c7c0240e35577498e20bc2ade7d/virtualenv-16.2.0
-py2.py3-none-any.whl (1.9MB)    100% |################################| 1.9MB 147kB/s 
Collecting setuptools>=18.0.0 (from virtualenv)
  Downloading https://pypi.tuna.tsinghua.edu.cn/packages/37/06/754589caf971b0d2d48f151c2586f62902d93dc908e2fd9b9b9f6aa3c9dd/setuptools-40.6.3
-py2.py3-none-any.whl (573kB)    100% |################################| 573kB 252kB/s 
Installing collected packages: setuptools, virtualenv
  Found existing installation: setuptools 12.0.3
    Uninstalling setuptools-12.0.3:
      Successfully uninstalled setuptools-12.0.3

將國內的鏡像站設爲默認。先升級pip到最新版本，而後配置config設置。

[root@WQ02 opt]# pip install -i https://pypi.tuna.tsinghua.edu.cn/simple virtualenv pip -U
[root@WQ02 opt]# pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
Writing to /root/.config/pip/pip.conf

五、一切OK，繼續安裝證書。

[root@WQ02 opt]# ./certbot-auto certonly --webroot -w /www1/abc/ -d www.abc.org.cn
WARNING: unable to check for updates.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator webroot, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): abc@163.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for www.dxaldqrmyy.org.cn
Using the webroot path /www1/abc for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/www.abc.org.cn/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/www.abc.org.cn/privkey.pem
   Your cert will expire on 2019-04-21. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

後續配置方法參考：

一、CentOS系統Nginx配置免費https證書

二、CentOS配置Https

三、Nginx+Tomcat實現免費https訪問