
Let's Encrypt

10 | 08 Nov 2015

Let's Encrypt is an awesome new project that will enable automated SSL certificate deployments, which will make life as a sysadmin much easier.

I've issued my first certificates under the beta testing of the Let's Encrypt project. The certificates can be viewed at https://sks.mj2.uk and https://pgp.mj2.uk.

From code checkout to the issuing of the certs took me a couple of hours. The hiccups I had were 1. with the various library dependencies, 2. with a header request on the auth request. For the libraries I spawned a new CentOS 7 VM, performed a yum update and had no issues. For the header request I had to ensure the Content-Type header returned text/plain without a charset.

CentOS 7 Working Client

[mike@test1005 letsencrypt]$ cat /etc/redhat-release
CentOS Linux release 7.1.1503 (Core)

[mike@test1005 letsencrypt]$ python --version
Python 2.7.5

[mike@test1005 letsencrypt]$ ./letsencrypt-auto

[Screenshots: Letsencrypt1, Letsencrypt2, Letsencrypt3, Letsencrypt4]

IMPORTANT NOTES:
 - If you lose your account credentials, you can recover through
   e-mails sent to mj@mikejonesey.co.uk.
 - The following 'connection' errors were reported by the server:

   Domains: sks.mj2.uk
   Error: The server could not connect to the client for DV

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address. Additionally, please check that
   your computer has a publicly routable IP address and that no
   firewalls are preventing the server from communicating with the
   client.
 - Your account credentials have been saved in your Let's Encrypt
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Let's
   Encrypt so making regular backups of this folder is ideal.

This was followed by the error:

No installers are available on your OS yet; try running "letsencrypt-auto certonly" to get a cert you can install manually

[mike@test1005 letsencrypt]$ ls /etc/letsencrypt/
accounts  csr  keys  renewal

./letsencrypt-auto -a manual -d sks.mj2.uk --agree-dev-preview auth

At this point a small amount of text output informs you of a token and where to place it on your web server. The token must be available with the exact header Content-Type: text/plain (not Content-Type: text/plain; charset=UTF-8).
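
An added example, not part of the original post: a pre-flight check for the header requirement above, run before letting the CA fetch the token. The function name `check_challenge_headers` and the URL in the usage comment are placeholders, and the check assumes the token should be served with status 200.

```sh
# Added example, not from the original post. Reads raw HTTP response
# headers on stdin and succeeds only if the final response is a 200 whose
# Content-Type is exactly "text/plain" (no charset or other parameter).
# check_challenge_headers is a hypothetical helper name.
check_challenge_headers() {
    cr=$(printf '\r')
    status="" ctype=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line%"$cr"}                  # tolerate CRLF line endings
        case "$line" in
            HTTP/*)                         # start of a response block; a
                rest=${line#* }             # redirect chain has several and
                status=${rest%% *}          # only the last one counts
                ctype=""
                ;;
            *:*)
                # Header names are case-insensitive, so compare in lower case.
                name=$(printf '%s' "${line%%:*}" | tr '[:upper:]' '[:lower:]')
                if [ "$name" = "content-type" ]; then
                    # Trim surrounding whitespace but keep any parameters,
                    # so "; charset=..." is caught by the exact match below.
                    ctype=$(printf '%s' "${line#*:}" |
                        sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
                fi
                ;;
        esac
    done
    if [ "$status" != "200" ]; then
        echo "FAIL: final status '${status:-none}', expected 200"
        return 1
    fi
    if [ "$ctype" != "text/plain" ]; then
        echo "FAIL: Content-Type '${ctype:-missing}', expected exactly text/plain"
        return 1
    fi
    echo "OK: text/plain with no charset"
}

# Usage against a live server (URL is a placeholder):
#   curl -sL -o /dev/null -D - "http://example.org/<token path>" | check_challenge_headers
```

Many web servers append a default charset to text responses, so a failure here usually means the charset setting has to be switched off for the token location.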

[mike@test1005 letsencrypt]$ ls /etc/letsencrypt/
accounts  archive  csr  keys  live  renewal

The certificate was issued and can be viewed here:
https://crt.sh/?id=10544134

CentOS 6, failed attempt; pastelog

[mike@test1001 letsencrypt]$ cat /etc/issue
CentOS release 6.6 (Final)
Kernel \r on an \m

python setup.py egg_info

Updating letsencrypt and virtual environment dependencies.....Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-Q2xo5B/ConfigArgParse

sudo yum install python-pip
sudo pip install --upgrade setuptools

sudo yum update (test box, don't care...)

[mike@test1001 letsencrypt]$ cat /etc/issue
CentOS release 6.7 (Final)
Kernel \r on an \m

[mike@test1001 letsencrypt]$ sudo pip install --upgrade setuptools
You are using pip version 7.1.0, however version 7.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
/usr/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
Requirement already up-to-date: setuptools in /usr/lib/python2.6/site-packages

sudo pip install requests[security]

[mike@test1001 letsencrypt]$ sudo pip install --upgrade setuptools
/usr/lib64/python2.6/site-packages/cryptography/__init__.py:25: DeprecationWarning: Python 2.6 is no longer supported by the Python core team, please upgrade your Python.
  DeprecationWarning
You are using pip version 7.1.0, however version 7.1.2 is available.
You should consider upgrading via the 'pip install --upgrade pip' command.
Requirement already up-to-date: setuptools in /usr/lib/python2.6/site-packages

sudo pip install --upgrade pip

[mike@test1001 letsencrypt]$ ./letsencrypt-auto
Updating letsencrypt and virtual environment dependencies.....Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-T45S6p/ConfigArgParse

sudo easy_install -U setuptools

[mike@test1001 letsencrypt]$ ./letsencrypt-auto
...


wget https://bootstrap.pypa.io/get-pip.py
python get-pip.py

wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py
python ez_setup.py

sudo pip install django

[mike@test1001 letsencrypt]$ ./letsencrypt-auto
Updating letsencrypt and virtual environment dependencies.../home/mike/.local/share/letsencrypt/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
./home/mike/.local/share/letsencrypt/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
./home/mike/.local/share/letsencrypt/lib/python2.6/site-packages/pip/_vendor/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
  InsecurePlatformWarning
Command "python setup.py egg_info" failed with error code 1 in /tmp/pip-build-jTLw4q/ConfigArgParse

sudo pip install requests==2.5.3

sudo python ez_setup.py install virtualenvwrapper

....
