
Ask HN: Easiest and least painful way of adding Lets Encrypt? - turshija
I have a Debian box (LAMP) with some legacy PHP sites where I want to put Lets Encrypt SSL. What is the most painful way of doing that without disturbing any site that&#x27;s currently running on it ? Is there any tool or script which does most of the job so that I don&#x27;t have to fiddle a lot with Apache&#x2F;PHP config and risk to break something ? Thanks
======
patmcc
[https://caddyserver.com/](https://caddyserver.com/) \- Caddy works pretty
nicely, and you should be able to use it as a reverse proxy in front of
apache.

------
codegeek
Use this to get exact instructions for your setup:

[https://certbot.eff.org/](https://certbot.eff.org/)

------
stephenr
Personally I use haproxy to forward all LE related requests to certbot in
standalone mode.

My email is in my profile if you want to try this and need some help.

------
hackerboos
You can use the certbot on your local machine and setup a txt record on the
DNS of the domain.

Let's Encrypt will verify ownership against that text entry.

------
Emc2fma
Warning for anyone trying to add Lets Encrypt to GCP - absolute nightmare.
Would not recommend.

~~~
marcc
Are you willing to share some details about the challenges you had?

~~~
Emc2fma
Currently, there isn't any built-in support with AppEngine. The steps you have
to go through to ssh in and verify ownership is just a hassle.

------
kim0
kube-lego for kubernetes is just awesome!

