Resources     Blog  

  1. Home
  2. Knowledge Base
  3. SSL Certificates
  4. Let’s Encrypt Installation Process

Let’s Encrypt Installation Process

Let’s Encrypt uses a DNS-based verification system, and certain records are required for the installation to succeed. If you’re using the GreenGeeks nameservers, the required records are managed for you, and no changes are needed to issue your SSL certificate.

If you manage your domain’s DNS record outside of GreenGeeks and your Let’s Encrypt installation failed, a DNS record update will be needed. There are a few different ways to make the necessary change. Any of these methods will work.

Option 1: Change the Name Servers for the Domain(s)

This is the easiest method and the one that we recommend. It will allow you to install Let’s Encrypt as well as preventing any future renewal problems.

Important: If you have custom DNS records, re-create them on GreenGeeks before updating the nameservers for the domain.

You can change the name servers for your domain name at the registrar where you purchased the domain. Go to the registrar’s control panel and look for a setting called “name servers,” “custom name servers,” etc.

Here are the GreenGeeks name servers:

chi-ns1.greengeeks.com
chi-ns2.greengeeks.com
ams-ns1.greengeeks.com

If your registrar only provides two fields for name server settings (primary and secondary name servers), use the first two name servers in the above list.

If you have a reseller account you can use the anonymous websitehostserver.net name servers:

chi-ns1.websitehostserver.net
chi-ns2.websitehostserver.net
ams-ns1.websitehostserver.net

Option 2: Add _acme-challenge Name Server Records to Your DNS

If you cannot change your name servers to point to GreenGeeks as recommended as suggested in option 1, using NS-type records are the second-best option. This involves delegating the _acme-challenge subdomain to the GreenGeeks nameservers.

The NS records need to be created within the existing nameservers. If you’re using a 3rd party DNS provider such as Cloudflare, this is where the NS records would need to be created.

Add the following NS records within your existing DNS zone:

_acme-challenge.ggexample.com  NS: chi-ns1.greengeeks.com
_acme-challenge.ggexample.com  NS: chi-ns2.greengeeks.com
_acme-challenge.ggexample.com  NS: ams-ns1.greengeeks.com

Use your domain name in place of “ggexample.com” in the above entries.

Note that many 3rd party DNS providers do not have an option for the NS type of record in their front-end UI, but they can create such records manually upon request. If you don’t see an option for NS records, we suggest contacting the registrar or DNS provider for assistance in creating the records.

Once this is configured, the _acme-challenge NS type records allow GreenGeeks to control the DNS entries for _acme-challenge.ggexample.com, in order to automatically renew the LetsEncrypt SSL certificate without affecting the rest of your DNS configuration.

Option 3: Add TXT Records for Your Domain(s)

Note that GreenGeeks strongly advises AGAINST using this method(TXT record) as it requires a manual DNS update each time the records change, at a minimum every 60 days when the Let’s Encrypt certificate is renewed. Only use TXT verification if you have no other choice.

Let’s Encrypt uses a specific DNS TXT record for verification, and we can provide you with that record, or you can find the TXT record in the Zone Editor in cPanel.

For TXT verification, you’ll have to set one or two TXT records for _acme-challenge.ggexample.com that’ll need to be manually updated within your DNS zone.  Again, you’ll have to do this every 60~ days as the cert is renewed so we do not suggest using this method.

Contact technical support for assistance if you need help finding the TXT records.

Use your domain name in place of “ggexample.com” in the above example.

Option 4: Switch to a Premium Wildcard SSL Certificate

If none of the above methods work for you, there are traditional certificate alternatives to Let’s Encrypt. They aren’t free, but they have certain advantages over a Let’s Encrypt certificate.

You can add a premium wildcard certificate to your site in GreenGeeks.

If your question wasn’t answered in this article, please don’t hesitate to contact technical support.

Was this article helpful?

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.