TL;DR – Let’s Encrypt requires a newer version of OpenSSL than CentOS 5 has installed. Unless you want to mess around with compiling OpenSSL yourself, don’t try it.
Installing Python 2.7 on CentOS 5
What we want to do: get letsencrypt installed. However, it requires(*) python 2.7, so we’re getting that on CentOS 5 first:
Thankfully, Inline with Upstream Stable (IUS) provides Python 2.7 for CentOS 5, so we’re just going to use their work. Start by getting the RPM install file:
Install the repo. Unfortunately, IUS doesn’t appear to expose its GPG key so that it can be imported beforehand, so we have to disable the GPG signature check while installing it, which means this one RPM is installed unverified:
yum -y --nogpgcheck localinstall ius-release-1.0-14.el5.noarch.rpm
Then, install python 2.7 & some dependencies we need:
yum install python27 python27-pip python27-virtualenv git gcc
For some reason the pip package didn’t install the /usr/bin/pip script, so I had to go to
/usr/lib/python2.7/site-packages and run
python2.7 pip install --upgrade --force-reinstall pip
Installing Let’s Encrypt on CentOS 5
At this point we have a working Python 2.7 install, so we can go ahead and set up letsencrypt:
LE_PYTHON=python2.7 ./letsencrypt-auto – the LE_PYTHON variable is to force it to use the Python27 install. (Side note: it installed the default package versions, like python-2.4-devel, and gcc-4.1)
It’s important to note that if anything goes wrong, run
rm -rf ~/.local/share/letsencrypt to blow away the virtualenv. letsencrypt will automatically reinstall everything for you.
Not updating OpenSSL on CentOS 5
Unfortunately, at this point I hit an OpenSSL error –
AttributeError: 'module' object has no attribute 'SSL_set_tlsext_host_name'. As it turns out, the version of OpenSSL in CentOS 5 is just too old.
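A preflight check for the error above, as an added example that is not part of the original post: it parses the openssl version banner so the problem shows up before letsencrypt-auto builds its virtualenv. The function names are illustrative, and the 0.9.8j cut-off (the release from which TLS extension support is built in by default) is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the original post): preflight check to run before
# letsencrypt-auto. SSL_set_tlsext_host_name belongs to OpenSSL's TLS
# extension (SNI) support.
# Assumption: that support is compiled in by default from OpenSSL 0.9.8j on.
# The banner says nothing about distro build options, so treat a pass as
# "worth trying" and a fail as "stop here".

# openssl_has_tlsext BANNER
#   BANNER is the output of `openssl version`.
#   Returns 0 if the version is 0.9.8j or newer, 1 if older, 2 if unparseable.
openssl_has_tlsext() {
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^OpenSSL \([0-9][0-9.]*[a-z]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    nums=${ver%%[a-z]*}        # numeric part, e.g. 0.9.8
    letter=${ver#"$nums"}      # patch letter, e.g. e (empty on 3.x)
    old_ifs=$IFS
    IFS=.
    set -- $nums               # split on dots into $1 $2 $3
    IFS=$old_ifs
    major=${1:-0} minor=${2:-0} patch=${3:-0}

    if [ "$major" -gt 0 ]; then return 0; fi      # 1.x, 3.x
    if [ "$minor" -lt 9 ]; then return 1; fi      # 0.8.x and older
    if [ "$minor" -gt 9 ]; then return 0; fi
    if [ "$patch" -lt 8 ]; then return 1; fi      # 0.9.7 and older
    if [ "$patch" -gt 8 ]; then return 0; fi
    case $letter in
        [j-z]*) return 0 ;;                       # 0.9.8j and later letters
        *)      return 1 ;;                       # 0.9.8 up to 0.9.8i
    esac
}

# preflight: check the openssl binary on PATH and report the result.
preflight() {
    banner=$(openssl version 2>/dev/null) || banner=
    if openssl_has_tlsext "$banner"; then
        echo "OK: $banner"
    else
        echo "STOP: '$banner' predates default TLS extension support" >&2
        return 1
    fi
}
```

Run preflight on the target host before LE_PYTHON=python2.7 ./letsencrypt-auto; a STOP result means the AttributeError above is what you will get.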
Unlike Python, there’s no easy alternative or updated OpenSSL package that I know of that’s a drop-in replacement. With a choice between
unalias, for when I tried to alias pip to python2.7 pip
--force-reinstall flag for pip, along with
--upgrade a lot shorter