When To Use Let's Encrypt

I'm starting my website up and know about Let's Encrypt. My question is would I install Let's Encrypt before or after my Apache2 and LAMP is installed?

Welcome @timlab1955

I moved your post to the Help category which is a better place. You would have been shown the below form. Please answer as much as you can.

I assure you it will help us to know more about your specific situation. Thanks

=============================

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):

The operating system my web server runs on is (include version):

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):

I'm using a control panel to manage my site (no, or provide the name and version of the control panel):

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

4 Likes

Thank you Mike for the move, I wasn't sure where to put it. As to answer your question, this is only a very general question. I know I have to do it after Apache2 is installed. But after that, should I go ahead and install Let's Encrypt or finish installing PHP and SQL, or before or after I start to work on my site itself?
Thanks
Dan

1 Like

Yes, but it is a very general question with many possible answers. And, glad you now realize you must have Apache installed first.

First, you don't really "Install Let's Encrypt". Let's Encrypt is a Certificate Authority that issues certs using the ACME protocol.

You install an ACME Client. But the kind of client depends on circumstances.

Whether you finish your site after you get a cert or before is personal preference. You might also review the below topic if you have not yet

2 Likes

Hi @timlab1955, and welcome to the LE community forum

There is no wrong answer.
But they each require very different considerations.

Path #1: Obtain the cert(s) first:

  • requires using DNS-01 authentication or HTTP-01 via --standalone option.
    ~ DNS-01 auth is rather intricate [requiring a DNS service that accepts updates via API and an ACME client that supports that specific DSP]
    ~ Using --standalone could become problematic during automated renewals, as the ACME service would need full use of port 80 [excluding Windows systems from this reply as you mentioned Apache]
  • requires certificate installation
    This can be done manually OR automated via running an ACME client that supports such installs again after the web server has been installed and configured for HTTP service.
    [you'd have to run the ACME client twice and know what you're doing in both cases]

Path #2: Obtain the cert(s) last:

  • requires using a functional web server OR DNS-01 authentication.
    ~ Using Apache web server is a very common setup - supported by many ACME clients [for Linux]
    You can also use the --webroot option to place the challenge files directly where they can be served and not have the ACME client modify the running Apache configuration at all.
    Some ACME clients [like certbot] can also install the certificate into the web server [automating the creation of the secure vhost config]
    ~ DNS-01 auth is rather intricate [requiring a DNS service that accepts updates via API and an ACME client that supports that specific DSP]

If I had to pick one to recommend...
I'd choose Path #2 and use the --webroot option with certbot as the ACME client.

4 Likes

Thank you for that information. Just so you know I do have Shell Access. I'm doing this all on a Pi, and loving it. The only reason why I'm asking is because my last site was working great. Just the way I wanted it. This was back around Nov 2022. After I got it working and had it hardened down and everything, I came back to it mmmmm Aug 2023 and found out it wasn't working anymore. Things just were not working like I had it before gaming time came around. Now I don't know if it's because I didn't recertify my Let's Encrypt cert again for another 90 days or a really good hacker got into my site and changed my coding around, I have no clue. So I'm actually starting from the beginning again and in order for me to start from the beginning again, I would like to do it correctly. Do I know what I'm doing? Yes and No. Meaning I started on my programming way back when the first home computers came out and got hooked. Then I started to break them down, repair them, etc. We are talking about the 70-90's. Then I got out of it and now (in 2021) started back up again and man things have changed a lot since then. I got my first Pi in 2021 and so far I've been able to run a few of my own websites and a NAS. Learning Linux was the hardest part, as when I started to program back in DOS days, couldn't understand C+, so I decided to learn (on my own) Basic. As the other poster to my question (rg305), I will answer him tomorrow.
Dan

1 Like

As for when to use it: have config panel password/admin settings done before getting the certificate. Certs are public information, and within seconds of a cert being signed, bots will try default passwords so they can hack it before you configure it.

5 Likes

I usually get the basic website working as http, then enable https. If using http validation most problems you might encounter are solved by having a working website first!

3 Likes
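A pre-flight check for the two suggestions above (Path #2 with `--webroot`, and getting the site working over HTTP first), as an added example that is not from any poster in this thread. The function names are hypothetical; it assumes `curl` is installed and that the first argument is the directory Apache serves as the site's DocumentRoot.

```shell
#!/bin/sh
# Pre-flight for `certbot certonly --webroot` (added example, hypothetical names).
# Proves that plain HTTP serves files from WEBROOT/.well-known/acme-challenge/.

# Write a throwaway probe file into the challenge dir; print "NAME CONTENT".
place_probe() {
    dir="$1/.well-known/acme-challenge"
    mkdir -p "$dir" || return 1
    name="preflight-$$"
    content="probe-$(date +%s)-$$"
    printf '%s' "$content" > "$dir/$name" || return 1
    chmod 644 "$dir/$name"            # must be readable by the Apache user
    printf '%s %s\n' "$name" "$content"
}

# Default fetcher: request the probe over port 80, as HTTP-01 validation would.
fetch_probe() {
    curl -fsS --max-time 10 "http://$1/.well-known/acme-challenge/$2"
}

# preflight WEBROOT DOMAIN [FETCHER]: 0 = served correctly, 1 = mismatch,
# 2 = could not write into the webroot. FETCHER is swappable for testing.
preflight() {
    pf_root=$1; pf_domain=$2; pf_fetch=${3:-fetch_probe}
    probe=$(place_probe "$pf_root") || return 2
    pf_name=${probe%% *}
    pf_want=${probe#* }
    pf_got=$("$pf_fetch" "$pf_domain" "$pf_name" 2>/dev/null) || pf_got=""
    rm -f "$pf_root/.well-known/acme-challenge/$pf_name"   # always clean up
    [ "$pf_got" = "$pf_want" ]
}

# Run only when called as: preflight.sh /var/www/html example.com
if [ "$#" -ge 2 ]; then
    if preflight "$1" "$2"; then
        echo "OK: challenge path is served. Next step:"
        echo "  certbot certonly --webroot -w $1 -d $2"
    else
        echo "FAIL: http://$2/.well-known/acme-challenge/ is not served from $1" >&2
        exit 1
    fi
fi
```

A site that already redirects HTTP to HTTPS will fail this check, because the fetcher does not follow redirects.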
