I decided that it was time to stop paying $400-$500 a year on Godaddy Certificates and switch to Let’s Encrypt. It was a big change from 2 year certificates to those that renew every 90 days. Many changes needed to be made in order to get Let’s Encrypt to work.
I spent time fixing the DNS entries on Godaddy.com for each of my domains. I added CAA record for letsencrypt.org similar to the one for godaddy.com. I had to fix issues in the conf file that the apache 2 config test didn’t find.
Make sure all redirects end in /
<VirtualHost *:80>
ServerName mc.scsiraidguru.com
Redirect permanent / https://mc.scsiraidguru.com/
</VirtualHost>
I had to add SSLCACertificateFile to complete the chain
SSLCACertificateFile /etc/letsencrypt/live/xxxx.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/xxxx.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxxx.com/privkey.pem
Add to protocols
SSLProtocol -all +TLSv1.3 +TLSv1.2
Protocols h2 h2c http/1.1 acme-tls/1