@allella
Last active August 5, 2016 15:38
Let's Encrypt Manual Webroot SSL Install for CentOS 6 or 7 With a Cron Job
# Change to the root user
su root
# EPEL is used by letsencrypt-auto to install the packages it needs. This doesn't install anything; it just makes
# the extra packages in this Linux repo available for installation
yum install epel-release
# Ideally you'd already have, or else install, Python 2.7 to avoid certain Python related messages, but if you
# don't want to bother it will work with Python 2.6
# See https://digitz.org/blog/lets-encrypt-ssl-centos-7-setup/ for more on Python 2.7 and CentOS
# IF you need to keep Python 2.6 then the --debug flag must be used. It won't hurt to always use --debug
# Download Let's Encrypt
cd /opt/ && git clone https://github.com/letsencrypt/letsencrypt && cd letsencrypt
# We'll now run the letsencrypt-auto command below; the first time, it will install packages from the EPEL repository.
# Specify your domain values, email, and the public root path of your domain. Obviously, change example.com
# and the example email to your values. The first domain name (-d) is the "subject" and the second (-d) is
# the "Alternative". You can only specify 1 subdomain and the base domain. So, don't try adding multiple
# subdomains or a wildcard
# This will automatically agree to the Terms of Service so there are no UI prompts
/opt/letsencrypt/letsencrypt-auto certonly --debug --agree-tos --email email@example.com --renew-by-default -a webroot --webroot-path /home/example/public_html -d www.example.com -d example.com
# Back up your Apache config files before you mess with them. SSL errors (or lack thereof) can be hard to debug
# Then, for Apache users, you need to edit your Virtual Host and add three lines to link the certificate files with your domain
vi /etc/httpd/conf/httpd.conf
# add these, changing example.com for your domain/directory name
# note that IF you have multiple domains on the same IP address you may need to rework your Apache configuration
# like here, or Google it, https://gist.github.com/allella/b2de20d3df17a867f3c3
SSLCertificateFile /etc/letsencrypt/live/www.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.example.com/chain.pem
# and then check there are no Apache errors
/usr/sbin/apachectl configtest
# and then reload Apache
/etc/init.d/httpd reload
# or on CentOS 7 the reload command is
systemctl reload httpd
# You can now set up a cron job by editing the crontab
crontab -e
# and add a line like this, again, changing example.com and example to your values
# Renew Letsencrypt SSL certs on the 22nd of each month at 5:25am
# A certificate is good for 3 months, so you could run it every three months. For simplicity this example runs each month
# but you could change the first * to something like 1,4,7,10
25 5 22 * * /opt/letsencrypt/letsencrypt-auto certonly --debug --agree-tos --email email@example.com --renew-by-default -a webroot --webroot-path /home/example/public_html -d www.example.com -d example.com
# You may find it necessary to run a cron job to update Let's Encrypt every month or so, to prevent a situation where an out-of-date Let's Encrypt causes a console message and breaks the auto renew. That would look something like
20 5 22 * * cd /opt/letsencrypt && git pull
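
The renewal cron line above replaces the certificate on disk but never reloads Apache, which keeps serving the certificate it loaded at its last start or reload. The wrapper below is an added example, not part of the original gist: it renews only when fewer than 30 days remain, confirms the new certificate is actually fresh, and reloads Apache only after configtest passes. The 30-day threshold, the OPENSSL override and the function names are assumptions made for this example.

```bash
#!/bin/bash
# Added example: cron wrapper around the gist's renewal command.
# Domain, paths and the 30-day threshold are assumptions; change them for your host.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/www.example.com}"
WEBROOT="${WEBROOT:-/home/example/public_html}"
MIN_DAYS="${MIN_DAYS:-30}"
OPENSSL="${OPENSSL:-openssl}"   # overridable so the expiry check can be stubbed

# Succeeds (0) if the cert at $1 expires within $2 days or cannot be read.
expires_within() {
    [ -r "$1" ] || return 0
    # "x509 -checkend N" exits 0 only if the cert is still valid N seconds from now
    ! "$OPENSSL" x509 -checkend "$(($2 * 86400))" -noout -in "$1" >/dev/null 2>&1
}

# The renewal command from the gist, with the webroot path taken from a variable.
renew() {
    /opt/letsencrypt/letsencrypt-auto certonly --debug --agree-tos \
        --email email@example.com --renew-by-default -a webroot \
        --webroot-path "$WEBROOT" -d www.example.com -d example.com
}

# Apache keeps serving the certificate it loaded until it is reloaded.
reload_apache() {
    /usr/sbin/apachectl configtest || return 1
    if command -v systemctl >/dev/null 2>&1; then
        systemctl reload httpd          # CentOS 7
    else
        /etc/init.d/httpd reload        # CentOS 6
    fi
}

main() {
    local cert="$LIVE_DIR/cert.pem"
    if ! expires_within "$cert" "$MIN_DAYS"; then
        echo "more than $MIN_DAYS days left on $cert; nothing to do"
        return 0
    fi
    renew || { echo "renewal failed" >&2; return 1; }
    if expires_within "$cert" "$MIN_DAYS"; then
        echo "$cert still expires within $MIN_DAYS days after renewal" >&2
        return 1
    fi
    reload_apache || { echo "configtest or reload failed; old cert still served" >&2; return 1; }
}

# Runs only when given an argument, e.g. from cron: <path to this script> run
if [ "$#" -gt 0 ]; then main; fi
```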