Godaddy 10 name SSL cert moving to Let's Encrypt

Ubuntu 22.04.2
Apache 2
They are hosted at my house on an HP Server.

The server has the latest LAMP components for Wordpress 6.1.1. I am using Apache 2, PHP 8.2, Mariadb. My Godaddy SSL certificate supports HSTS. I have a 10 name certificate for the virtual host web sites. I have two different domain web sites. has multiple sub domain web sites. Will this be a problem with Let's Encrypt? Can certbot be set up to autorenew every 80 days? I read the docs; so far I don't see an issue. What do I need to do not to have SSL issues?

Hi @scsiraidguru, and welcome to the LE community forum :slight_smile:

Not sure about what SSL issues you are expecting nor trying to avoid.

Neither do I.

That said, I'd first try all things out in staging [before moving anything to production].


Certbot by default checks every day, and if there is a cert it issued that will expire in less than a month, it will renew it.


Yes, to that question:

The default is to renew immediately after 60 days.
In effect, every 60 days.

The goal is to have everything automated so that it never drops below 30 days left.
Automation can be done in several different ways.
The simplest being HTTP-01 authentication.
If your sites can be reached via port 80 [HTTP], then that would be my first choice.

Again, if you are new to the ACME protocol and/or the client chosen, then you should do all your testing in the staging environment first.


Yes, the web server can get out through port 80. It forces traffic inbound to use 443. 60 days is fine.

I'm a little bit puzzled. Your HP server runs at your own premises. But you also speak about GoDaddy, which is a large hosting provider. Is GoDaddy only related to a TLS certificate you've bought off of them? Or is GoDaddy related in any other means?

Also, support for HSTS is on a webserver level, not on a certificate level. So I also don't understand the phrase "My Godaddy SSL certificate support HSTS.", could you perhaps explain a little bit more?


I should have been more clear. registered.

Certificate has,, and are all on the certificate.

Setup for my server

I am using TLS 1.2 and TLS 1.3 only.

I have a single 10 name SSL from Godaddy that all virtual hosts on this server use. Multiple web sites configured on this single server. I am still reading through all the documentation for an Apache2 Ubuntu configuration for Let's Encrypt.

Not sure what Apache2 and Ubuntu have to do with your choice of certificate? A TLS certificate is a TLS certificate. Let's Encrypt supports up to 100 hostnames in the SAN extension. (Or a wildcard cert if you'd want to and it's feasible with regard to the dns-01 challenge.)

There are many, MANY ACME clients out there, some will work on Ubuntu and a lot of other Linux distributions (e.g. Certbot), others work on Windows. Some only require Bash and OpenSSL.

Also, the version of TLS is also a webserver configuration thing and is independent of the TLS certificate.

Ah, at the top of your first post you mention you're running Ubuntu. So that's where Ubuntu came from. Note that Let's Encrypt is a CA offering certs through an ACME endpoint and there are ACME clients as said above, such as Certbot. Those are distinct entities. There are also other (free) CAs offering certs using an ACME endpoint for example and you could use the same ACME client to get a cert of those CAs too. It's important to see the difference between an ACME server and ACME client.


How To Secure Apache with Let's Encrypt on Ubuntu 22.04

I found this document on it.

Please don't use relatively random guides on the internet, such as the one you've found. More often than not they're severely outdated, such as the one you've found. It's using apt for installing Certbot whereas the currently preferred method of installing Certbot is using snapd.

Please see for more information about Certbot, including an up-to-date guide for installing the application.

The Certbot documentation at User Guide — Certbot 2.3.0 documentation is also a good read to understand Certbot better.


When you say "it forces" ... What exactly is forcing (and how)?

As written, that seems to be in the reverse direction.
ACME challenge requests use HTTP to reach the server.
[that can be redirected to HTTPS]
I don't think that HSTS preload registration is relevant within the ACME protocol specification.

The ACME client goes out through HTTPS.


I don't allow port 80 to the web sites. These lines are in the configuration file.

Redirect permanent /

Redirect permanent /

Redirect permanent /

That is allowing port 80 to the web server.
That is all that is needed from the ACME protocol.


BTW there is a CAA record blocking certificate requests to anything other than GoDaddy on
Remove it before getting a certificate from any other CA.
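
Added example (not part of any post in this thread): a way to check whether a CAA record set, as printed by `dig +short CAA <domain>`, would let a given CA issue, following the `issue`/`issuewild` rules of RFC 8659. The sample records are constructed, the function names are hypothetical, and it assumes you have already fetched the record set that applies to the name (the closest ancestor that publishes CAA).

```python
import re

# Constructed sample in `dig +short CAA <domain>` format; not the poster's real records.
SAMPLE_GODADDY_ONLY = '''\
0 issue "godaddy.com"
0 iodef "mailto:admin@example.com"
'''

_LINE = re.compile(r'^(\d+)\s+(\S+)\s+"([^"]*)"\s*$')
# Tags this sketch understands; a real CA decides this for itself (assumption).
_KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(dig_output):
    """Return (flags, tag, value) tuples parsed from dig +short CAA output."""
    records = []
    for line in dig_output.splitlines():
        m = _LINE.match(line.strip())
        if m:
            records.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return records


def ca_may_issue(records, ca_domain, wildcard=False):
    """True if the record set permits ca_domain to issue (RFC 8659 rules)."""
    # A critical property (flag bit 128) with an unrecognised tag forbids issuance.
    if any(flags & 128 and tag not in _KNOWN_TAGS for flags, tag, _ in records):
        return False
    issue = [v for _, tag, v in records if tag == "issue"]
    issuewild = [v for _, tag, v in records if tag == "issuewild"]
    # For wildcard names, issuewild (when present) replaces issue entirely.
    relevant = issuewild if (wildcard and issuewild) else issue
    if not relevant:
        return True  # no applicable restriction: any CA may issue
    # Issuer domain is the text before any ';' parameters; a bare ";" allows nobody.
    allowed = {v.split(";", 1)[0].strip().lower() for v in relevant}
    return ca_domain.lower() in allowed


if __name__ == "__main__":
    recs = parse_caa(SAMPLE_GODADDY_ONLY)
    for ca in ("godaddy.com", "letsencrypt.org"):
        print(ca, "may issue:", ca_may_issue(recs, ca))
```

Adding a `0 issue "letsencrypt.org"` record alongside the existing one lets both CAs issue during the migration.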

