How to order Let’s Encrypt

Note that Let’s Encrypt is currently a Beta feature and unforeseen issues and bugs might be present. Also be aware that Let’s Encrypt is something that will be reissued every three months, meaning your site can break if your site isn’t correctly configured for this. For more information about our Beta feature programs, go to this article. Servebolt provides a range of other, more robust SSL options as well.

Some checks on your end need to be done before you order a Let’s Encrypt SSL certificate. This ensures that the certificate request will be verified and the certificate can be issued. Also keep these checks in mind when developing your site. If something you’ve changed causes these checks to fail, the reissuing of Let’s Encrypt will break.

The whole process on how Let’s Encrypt get installed for your domain is as follows:

  1. An order for Let’s Encrypt on your domain is placed
  2. A validation file is placed in your .well-known folder
  3. The file gets validated over HTTP
  4. The Let’s Encrypt certificate gets issued 
  5. The Let’s Encrypt certificate get installed on your domain in our Control Panel

Time needed: 10 minutes.

  1. DNS

    First be sure that your domain is pointing to our server. The verification will not go through if it isn’t. You can always find which IP or hostname you need to point to under the server login information in our Control Panel.

    Also check that you don’t have any AAAA and/or CAA records present for your domain. If you do, then these need to be removed.

    NOTE: If you are using CDN services like Cloudflare or Sucuri, make sure that the DNS record is not set to proxy. If you are using services like this you can use our free self-signed option as an SSL instead.

  2. .htaccess

    Check your .htaccess file and see that there isn’t anything that can interfere with the validation. This mainly regards HTTP to HTTPS redirection. So be sure that the TXT file can get validated over HTTP. If you have redirection rules in place and these need to be there, then you can follow this guide on how to exclude .well-known from being redirected.

  3. .htpasswd

    If you’re using .htpasswd to hide your site behind a username and password then that will also interfere with the HTTP validation step. But we have also covered that in our guide here on how you can bypass .well-known from that.

  4. Control Panel redirects

    Make sure that there is no “http -> https redirect” or “Domain-based redirect” configured in the Control Panel of your site.

  5. Plugins

    Check if you have any plugins that might interfere with SSL. If you have a plugin like Really Simple SSL for example, that can interfere with the traffic to your site. We highly suggest you uninstall plugins like this, as most of their behaviour is better done on the server level.

  6. Pre-test

    If all of the steps above have been done correctly you can check the HTTP validation step with a test file. Simply make a TXT file which you place in .well-known. Then check if the TXT file is visible by requesting the path in your browser over HTTP:

    Here’s how you would do this using SSH:

    First log into your site with SSH:
    Run command: touch ~/public/.well-known/test.txt
    In your browser type in: http://your-domain-here.com/.well-known/test.txt
    If you see a blank page and “not secure” where it should be a padlock (on the left side of your URL), you’re all set!

    Here is how you would do this using SFTP:

    First log into your site with SFTP:
    Navigate to the .well-known folder inside of your ~/public/ directory. Right click within the .well-known folder and “Create a new file”. Call the file “test.txt” for example.
    In your browser type in: http://your-domain-here.com/.well-known/test.txt
    If you see a blank page and “not secure” where it should be a padlock (on the left side of your URL), you’re all set!

  7. Other certificates

    Check that your domain doesn’t have any certificates already enabled. If it does, deactivate it. This will render your site insecure but fear not, the Let’s Encrypt certificate should validate within 10 minutes if everything else is correct.

  8. Ordering Let’s Encrypt

    Now that you’ve followed all 7 steps, you’re ready to order a Let’s Encrypt SSL for your domain. If you are a Servebolt client already, reach out to our Support at servebolt.com and we’ll set it up right away!

Give us your feedback on this article