Some checks on your end must be done before ordering a Let’s Encrypt SSL certificate. This ensures that the certificate request will be verified and the certificate can be issued. Also, keep these checks in mind when developing your site. If something you’ve changed causes these checks to fail, the Let’s Encrypt reissue that happens every three months will fail.
Installation Process
The whole process of how Let’s Encrypt gets installed for your domain is as follows:
- An order for Let’s Encrypt on your domain is placed
- A validation file is placed in your .well-known directory
- The file gets validated over HTTP
- The Let’s Encrypt certificate gets issued
- The Let’s Encrypt certificate gets installed on your domain in the Servebolt Admin Panel
Prepare Your Environment for Let’s Encrypt Validation
Time needed: 10 minutes
- DNS
First, be sure that your domain is pointing to our server. The verification will not go through if it isn’t. You can always find which IP or hostname you need to point to under the server login information in our Admin Panel.
Also, check that you don’t have any AAAA and/or CAA records present for your domain. If you do, then these need to be removed.
NOTE: If you are using CDN services like Cloudflare or Sucuri, make sure that the DNS record is set to not proxy. If you use services like this, you can use our free self-signed option as an SSL instead.
- .htaccess
Check your .htaccess file and see that nothing can interfere with the validation. This mainly concerns HTTP to HTTPS redirection, so be sure that the TXT file can be validated over HTTP. If you have redirection rules in place that need to be there, then you can follow this guide on excluding .well-known from being redirected.
- .htpasswd
If you’re using .htpasswd to hide your site behind a username and password, that will also interfere with the HTTP validation step. We have covered that as well, in our guide on how to exclude .well-known from the password protection.
- Admin Panel redirects
Make sure that there are no “http -> https redirect” or “Domain-based redirect” configured in the Admin Panel of your site.
- Plugins
Check if you have any plugins that might interfere with SSL. If you have a plugin like Really Simple SSL for example, that can interfere with the traffic to your site. We highly suggest you uninstall plugins like this, as most of their behavior is better done on the server level.
- Testing the HTTP validation
When all the steps above have been completed, you can check the HTTP validation step with a test file. Simply make a TXT file that you place in .well-known. Then check if the TXT file is visible by requesting the path in your browser over HTTP:
Here is how you would do this using SSH:
First log into your site with SSH:
Run the command: touch ~/public/.well-known/test.txt
In your browser type in: http://your-domain-here.com/.well-known/test.txt
If you see a blank page and “not secure” where it should be a padlock (on the left side of your URL), you’re all set!
Here is how you would do this using SFTP:
First log into your site with SFTP:
Navigate to the .well-known directory inside of your ~/public/ directory. Right-click within the .well-known directory and “Create a new file”. Call the file “test.txt”, for example.
In your browser type in: http://your-domain-here.com/.well-known/test.txt
If you see a blank page and “not secure” where it should be a padlock (on the left side of your URL), you’re all set!
- Other certificates
Check that your domain doesn’t have any certificates already enabled. If it does, deactivate it. This will render your site insecure but fear not, the Let’s Encrypt certificate should validate within 10 minutes if everything else is correct.
- Ordering Let’s Encrypt
Now that you’ve followed all 7 steps, you’re ready to order a Let’s Encrypt SSL for your domain. If you are a Servebolt client already, reach out to our Support at servebolt.com and we’ll set it up immediately!
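The DNS and HTTP checks from the steps above can also be run from a terminal instead of a browser. The script below is an added example, not Servebolt's own tooling: the function names are hypothetical, it assumes `curl` and `dig` are installed, and it expects the test.txt file from the testing step to already exist.

```shell
#!/bin/sh
# Added example (not Servebolt tooling). Function names are hypothetical.

# Read raw response headers (as printed by `curl -sI`) on stdin and print a verdict.
classify_headers() {
    status=""; location=""
    while IFS= read -r line || [ -n "$line" ]; do
        line=$(printf '%s' "$line" | tr -d '\r')
        case "$line" in
            HTTP/*)
                if [ -z "$status" ]; then rest=${line#* }; status=${rest%% *}; fi ;;
            [Ll]ocation:*)
                if [ -z "$location" ]; then location=${line#*:}; location=${location# }; fi ;;
        esac
    done
    case "$status" in
        200) echo "ok" ;;                      # file is served over plain HTTP
        301|302|303|307|308)
            case "$location" in
                https://*) echo "redirect-to-https" ;;  # .htaccess, panel or plugin redirect
                *) echo "redirect" ;;
            esac ;;
        401) echo "auth-required" ;;           # .htpasswd still covers .well-known
        *) echo "failed" ;;                    # missing file, wrong server, no response
    esac
}

# Report AAAA and CAA records, which the DNS step says must be removed.
check_dns() {
    for rtype in AAAA CAA; do
        if [ -n "$(dig +short "$rtype" "$1")" ]; then echo "$rtype record present"; fi
    done
}

# Request the test file over plain HTTP without following redirects.
check_http() {
    curl -sI --max-time 10 "http://$1/.well-known/test.txt" | classify_headers
}

# Usage: sh check-le.sh your-domain-here.com
if [ -n "${1:-}" ]; then
    check_dns "$1"
    check_http "$1"
fi
```

A verdict of "ok" with no "record present" lines matches the state the checklist asks for; any other verdict points at the step to revisit.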