This is a procedure to install and set up acme.sh on CentOS 6. This replaces the previous method "certbot" which is no longer supported on CentOS 6.
First, install socat:
# yum install socat
Install acme.sh
# curl https://get.acme.sh | sh
This will create a hidden folder called .acme.sh in your home directory that will contain all of the files, certificates, and keys needed for certification.
Next issue the certificates for each site. Replace /path/to/your/webroot with your actual path. For example:
# cd ~/.acme.sh # ./acme.sh --issue -d shop.gwcox.com.au -w /var/www/html/gwc0x --server letsencrypt
Install the certificates
# ./acme.sh --install-cert -d shop.gwcox.com.au --cert-file /etc/acme/shop.gwcox.com.au/cert.pem --key-file /etc/acme/shop.gwcox.com.au/key.pem --fullchain-file /etc/acme/shop.gwcox.com.au/fullchain.pem
This will install the certificates to /etc/acme/shop.gwcox.com.au (use a more appropriate directory name). Next, you will need to add SSL version of the lines to your /etc/httpd/conf/httpd.conf
First make sure you have the following lines:
LoadModule ssl_module modules/mod_ssl.so Listen 443
Then duplicate your <Virtualhost *:80> lines and change 80 to 443. Add the SSL lines
<VirtualHost *:443>
ServerAdmin webmaster@gwcox.com.au
DocumentRoot /var/www/html/gwc0x
ServerName shop.gwcox.com.au
<Directory /var/www/html/gwc0x>
Options FollowSymLinks MultiViews ExecCGI
AllowOverride Options
Order allow,deny
Allow from all
</Directory>
SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCertificateFile /etc/acme/shop.gwcox.com.au/cert.pem
SSLCertificateKeyFile /etc/acme/shop.gwcox.com.au/key.pem
SSLCertificateChainFile /etc/acme/shop.gwcox.com.au/fullchain.pem
SSLCACertificateFile /etc/acme/shop.gwcox.com.au/fullchain.pem
ErrorLog logs/shop.gwcox.com_SSL-error_log
CustomLog logs/shop.gwcox.com_SSL-access_log common
</VirtualHost>Restart apache
# service httpd restart
Use an online test site to test, such as https://www.ssllabs.com/ssltest/