(tried on Centos 6.9)

yum install openssl-devel libbsd-devel gnutls-devel
wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.6.0.tar.gz
#build libreesl to /usr/local/
make
make install
# follow https://spin.atomicobject.com/2016/09/20/openbsd-acme-client-lets-encrypt/
cat >/etc/ld.so.conf.d/local.conf <<EOF
/usr/local/lib/    
EOF
ldconfig

wget -O /etc/ssl/cert.pem 'https://raw.githubusercontent.com/libressl-portable/openbsd/master/src/lib/libcrypto/cert.pem'

acme-client: transfer buffer: [{ "type": "http-01", "status": "invalid", "error": { "type": "urn:acme:error:connection", "detail": "DNS problem: query timed out looking up A for www.eurospider.com", "status": 400 }, "uri": "https://acme-v01.api.letsencrypt.org/acme/challenge/x0oE6rQYMBh6qQIisSzqZecrRFkED-7u7Y-vuid5kKw/1713819082", "token": "IzPOcU-2sFKk65DAk3egE1g2j17f9K3V_pcG0KvrfjQ", "keyAuthorization": "IzPOcU-2sFKk65DAk3egE1g2j17f9K3V_pcG0KvrfjQ.xbEUn0BT4rXH5TjxcmmW1Yjoyb1GWDrQEByNfXawgRc", "validationRecord": [ { "url": "http://www.eurospider.com/.well-known/acme-challenge/IzPOcU-2sFKk65DAk3egE1g2j17f9K3V_pcG0KvrfjQ", "hostname": "www.eurospider.com", "port": "80", "addressesResolved": [], "addressUsed": "", "addressesTried": [] } ] }] (792 bytes)

CNAME DNS entries don't work, so we must provide the real machine as primary host,
everything else as SANs.

acme-client -v -n -N -F -b -e \
	-C /var/www/acme \
	-c /etc/ssl/acme \
	-k /etc/ssl/acme/private/privkey.pem \
	-f /etc/acme/privkey.pem www.eurospider.com eurospider.com innobib.news www.innobib.news www.tenders.ch 

-b create backups
-F is to update even if the current certificate is still valid
-e is needed to avoid revocation and expanding the list of SANs.

webserver:

main http.conf:

<Directory "/var/www/acme/.well-known/">
        Options None 
        AllowOverride None
        Order Deny,Allow
        Allow from All
        Header add Content-Type text/plain
</Directory>

for every domain we want a certificate for (in the non-SSL-version of the virtual
host configuration):

Alias /.well-known/acme-challenge/ /var/www/acme/

        RewriteEngine On
        RewriteCond %{HTTPS} !=on
        RewriteCond %{REQUEST_URI} !^/\.well\-known/acme\-challenge/
        RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R,L]


links
-----

https://www.metachris.com/2015/12/comparison-of-10-acme-lets-encrypt-clients/
https://medium.com/chris-opperwall/using-acme-client-for-letsencrypt-on-freebsd-db0ee643ef1f
https://kristaps.bsd.lv/acme-client/