@tlrenkensebastian, I made a very rough draft based on the three situations I mentioned above. (Some parts are a little duplicative with some of the EFF Certbot documentation, which also has a glossary and a lot of glossary links, whereas this draft generally doesn't define many terms or concepts.)
Let me know if you think there's anything potentially useful here, and, if so, we could keep working on this to improve its usefulness further.
Preparing Your Site for a Let's Encrypt Certificate
This document is meant to provide some more context and suggestions for people who are planning to get a Let's Encrypt certificate for the first time, but haven't started the process yet.
We're assuming that your goal in getting a certificate from Let's Encrypt is to use it to enable HTTPS on a public web site, without resulting in browser security errors. This is by far the most common way to use Let's Encrypt's services (although they can also be used to enable secure connections to some other kinds of Internet services).
To find the most relevant information, check which of these cases best describes your situation. If you need more help or clarification, you can also visit the Let's Encrypt Community Forum and ask about whatever you didn't understand.
Situation 1: I'm just beginning to create my web site; my web site isn't operational yet
In order to run a public web site, you typically need a domain name and a web hosting provider. The domain name is usually purchased from a domain registrar (although in some cases you might get a subdomain from someone else, like your employer when setting up a site as part of your job). The domain registrar and web host could either be the same company or different companies.
If you haven't picked out a web host yet, we suggest that you take a look at the lists of web hosts who support Let's Encrypt from EFF or on the Let's Encrypt Community Forum. (These lists are based on the same data, but they present it differently.) These lists collects web hosting companies that offer Let's Encrypt as an automatic, built-in part of their web hosting plans. If you use one of these plans, you should be able to get a certificate and HTTPS support automatically and not have to do anything else!
If you've already chosen a web host but it isn't one on the list above, ask your web host's support about the options for HTTPS with your hosting plan. Your web host's support team should understand the options well and be able to give you appropriate advice for your situation. If not, consider switching hosting providers!
If you intend to use a dedicated server or VPS plan (where you are the system administrator, responsible for installing and configuring all the software on the web server), you should go ahead and get your site up and running with HTTP, and then skip down to "Situation 2" below. This also applies in the case where you've chosen to host your website out of your own home from a personal server. (A dedicated server or VPS usually isn't the best choice unless you're experienced with server administration. If you're getting one in order to follow a tutorial in order to set up a particular kind of site or service, check if that tutorial already has information about how to get a Let's Encrypt certificate. If so, you're probably best off following that tutorial, or working with the tutorial authors to improve it so it's more appropriate for your situation.)
Situation 2: My web site is available (works in a browser) over HTTP, but not over HTTPS
Congratulations on getting your site up and running!
Your options for switching your existing site from HTTP to HTTPS with a certificate from Let's Encrypt depend a lot on how your site is hosted and how you administer it. That can include the software environment used to host your site, your web host's policies, and the degree of administrative access that you have to the web server. Here are some possibilities that might affect your next step:
Do you, maybe, already have HTTPS working? Try going to your web site in a browser with
https:// instead of
http:// and see if it works! You might be pleasantly surprised if it turns out you were using a web host or web server software that already took care of this for you without even telling you.
Are you using a control panel? (This is a web-based interface that lets you configure or administer your web site by navigating to a particular web address in a browser.) In this case, the best case is likely to be an existing option inside the control panel that lets you turn on HTTPS from there. If you can't find such an option in your settings, check the documentation for the control panel's software, or ask your web host's support where it is (or whether the web host has deliberately disabled it).
Do you (or can you) administer your web server? (This typically means having access to a root shell or administrator account, and may mean that you or your site are the primary or only user of that server machine, as contrasted with "shared hosting".)
The recommended way to obtain a Let's Encrypt certificate on a server where you are the administrator is by installing a Let's Encrypt client application. This is a software application that runs on your web server machine and requests certificates from Let's Encrypt for you. There are many different options available, suitable for different environments and experience levels.
Whichever way you decide to proceed, you should also be aware of the potential pitfall of "mixed content". Mixed content refers to the situation where a site accessed over HTTPS references resources (like images, scripts, or stylesheets) located at HTTP URLs. For example, if your site's HTML contains
<img src="http://example.com/image.jpg">, this will create a mixed content issue once you activate HTTPS because of the hard-coded HTTP address. The typical symptom of mixed content is an error or warning message from a browser when accessing an HTTPS site with this problem, and possibly reduced site functionality or partly broken rendering of a site's content. Before or immediately after switching your site to HTTPS, try to check your pages' HTML to ensure that there aren't hard-coded HTTP URLs left there. If your site's code is generated by a template or CMS, you may be able to change a single setting (such as the "site" or "base" URL) to fix this problem everywhere in your code all at once.
Situation 3: My web site is available (works in a browser) over HTTPS; I have an existing certificate from a different certificate authority and am thinking of switching to Let's Encrypt
Let's Encrypt is a little different from most other certificate authorities. One difference is that Let's Encrypt certificates are always free of charge; Let's Encrypt doesn't charge you any fee for issuing them.
Another difference is that Let's Encrypt certificates are only issued using special software applications (called "Let's Encrypt clients" or "ACME clients"), which can automate all or some of the process. They're not issued by contacting (or providing documentation to) a human being working for the certificate authority, and they're not issued by completing forms on the certificate authority's own web site.
Another difference is that they last for only 90 days (not longer periods such as 12 months, which you might encounter with other certificate authorities). This is meant to promote automation, by integrating software with your web server to renew your certificate automatically before it expires, ideally without any intervention on your part. Like your original certificate, the replacement certificates will always be provided free-of-charge.
Check your web host's documentation, or ask your web host's support, to find out if your existing hosting environment already supports Let's Encrypt somehow, making it easy to switch over. For example, on some web hosts, you might be able to enable Let's Encrypt by setting an option in a web-based control panel.
Otherwise, the recommended way to proceed is installing an ACME client application on your web server. If you can't install new software directly on your web server, and you don't already have Let's Encrypt software support in your hosting environment, switching to Let's Encrypt may be inconvenient or difficult -- especially if that means that you don't have a way to make the relatively frequently-required renewals happen automatically. But in any case, if you decide to proceed, you can follow the suggestions in situation 2, above.