I decided that it was time to stop paying $400-$500 a year for GoDaddy certificates and switch to Let’s Encrypt. It was a big change from 2-year certificates to those that renew every 90 days. Many changes needed to be made in order to get Let’s Encrypt to work.

I spent time fixing the DNS entries on GoDaddy.com for each of my domains. I added a CAA record for letsencrypt.org similar to the one for godaddy.com. I had to fix issues in the conf file that the Apache 2 config test didn’t find.

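Make sure every Redirect target ends in /. Apache appends whatever follows the matched path to the target URL, so a target without the trailing slash produces malformed redirect URLs.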

<VirtualHost *:80>
    ServerName mc.scsiraidguru.com
    Redirect permanent / https://mc.scsiraidguru.com/
</VirtualHost>
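
A trailing-slash mismatch in a Redirect passes the Apache config test, so a separate check helps. The script below is an added example, not part of the original post: it flags Redirect directives whose path and target disagree on the trailing slash and shows the URL a visitor would be sent to. The sample config and example.com hostnames are constructed, and the function names are hypothetical.

```python
"""Lint Apache Redirect directives for trailing-slash mismatches (added example)."""

STATUSES = {"permanent", "temp", "seeother", "gone"}

# Constructed sample config; hostnames are placeholders.
SAMPLE = """\
<VirtualHost *:80>
ServerName www.example.com
Redirect permanent / https://www.example.com
</VirtualHost>
<VirtualHost *:80>
ServerName ok.example.com
Redirect permanent / https://ok.example.com/
</VirtualHost>
"""

def parse_redirect(line):
    """Return (url_path, target) for a Redirect with both arguments, else None."""
    parts = line.split()
    if not parts or parts[0].lower() != "redirect":
        return None  # also skips RedirectMatch, which takes a regex
    args = [a.strip('"') for a in parts[1:]]
    if args and (args[0].lower() in STATUSES or args[0].isdigit()):
        args = args[1:]  # drop the optional status argument
    return tuple(args) if len(args) == 2 else None

def simulate(url_path, target, request_path):
    """mod_alias replaces the matched prefix with target and appends the rest verbatim."""
    return target + request_path[len(url_path):]

def lint(conf_text):
    """Return (line number, directive, example redirect result) for each mismatch."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):
            continue
        parsed = parse_redirect(line)
        if parsed is None:
            continue
        url_path, target = parsed
        if url_path.endswith("/") != target.endswith("/"):
            request = url_path.rstrip("/") + "/index.html"
            findings.append((lineno, line, simulate(url_path, target, request)))
    return findings

if __name__ == "__main__":
    for lineno, line, result in lint(SAMPLE):
        print(f"line {lineno}: {line} -> {result}")
```

Pass the contents of each vhost conf file to `lint()` before reloading Apache; an empty list means no mismatched Redirect was found.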

I had to add SSLCACertificateFile to complete the chain

SSLCACertificateFile /etc/letsencrypt/live/xxxx.com/chain.pem
SSLCertificateFile /etc/letsencrypt/live/xxxx.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxxx.com/privkey.pem

Add the protocol directives:

SSLProtocol -all +TLSv1.3 +TLSv1.2
Protocols h2 h2c http/1.1 acme-tls/1