@PseudoDoctor
Created April 3, 2024 16:10
Linux LVM on LUKS encrypted partition

Walkthrough re-encrypting existing ext4 partition: https://medium.com/bobble-engineering/ubuntu-root-partition-encryption-using-luks-and-dm-crypt-f45130373e68

Types of LUKS usage: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system#LVM_on_LUKS

Foreword

There are 97 ways to do everything. This is the path I have personally taken to get from a fresh Ubuntu 14.04 to perform release upgrades through 22.04. The first instance of Ubuntu doesn't really matter, however the default partition sizes used by 14.04 were too small for the release upgrade to use.

Ubuntu 14.04 has an option to encrypt and LVM the root folder. It creates a 500MB /boot part /dev/sda1, a 200MB EFI part /dev/sda2, and the rest a LUKS part /dev/sda3 with LVM /dev/vg-ubuntu on top of it. Ubuntu 16.04 do-release-upgrade complained that the /boot part was too small and should be 1GB or larger. I was uncomfortable attempting to resize the encrypted partition.

Ran Ubuntu 14.04 install again, this time creating partitions myself but not encrypting /dev/sda3 (EFI 200MB /dev/sda1, /boot 2G /dev/sda2, LVM PV /dev/sda3). Then I found cryptsetup-reencrypt claimed /dev/sda3 was in use (probably by the LVM). Used fsarchiver to back up /dev/vg-ubuntu/root. Re-created /dev/sda3 as a LUKS and created a new VG/LVM and restored from backup.

Used bobble-engineering's blog to set /etc/crypttab and /etc/default/grub with UUID of /dev/sda3. Since /etc/fstab looked for /dev/vg-ubuntu rather than a UUID, Ubuntu was none the wiser about entering passphrase.
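The /etc/crypttab step above depends on the LUKS container being named by UUID rather than by a kernel name like /dev/sda3. The following is an added example, not part of the original gist: a small audit of crypttab-format text that flags kernel-name sources and, going slightly beyond the gist, key files stored on disk. The sample entries, target names and the all-zero-style UUID are constructed placeholders.

```shell
# Constructed sample input; target names are hypothetical and the UUID
# is a placeholder, not a value from the gist.
SAMPLE_CRYPTTAB='# <target> <source device> <key file> <options>
sda3_crypt UUID=00000000-0000-4000-8000-000000000000 none luks
data_crypt /dev/sdb1 /root/data.key luks
swap_crypt /dev/sda5 /dev/urandom swap'

# Reads crypttab text on stdin and prints one finding per line.
# Exit status: 0 when nothing was flagged, 1 otherwise.
# The body runs in a subshell, so its variables stay local.
audit_crypttab() (
    findings=0
    while read -r target source keyfile options || [ -n "$target" ]; do
        # Skip blank lines and comments.
        case "$target" in ''|'#'*) continue ;; esac
        if [ -z "$source" ]; then
            echo "$target: malformed entry, no source device"
            findings=$((findings + 1))
            continue
        fi
        # Kernel names can change between boots or after repartitioning;
        # UUID= sources and LVM or /dev/disk/by-* paths do not.
        case "$source" in
            /dev/sd*|/dev/hd*|/dev/vd*|/dev/nvme*|/dev/mmcblk*)
                echo "$target: source '$source' is a kernel device name, use UUID= from blkid"
                findings=$((findings + 1)) ;;
        esac
        # 'none' or '-' means the passphrase is prompted for at boot;
        # /dev/* covers random-key sources such as /dev/urandom.
        case "$keyfile" in
            none|-|''|/dev/*) ;;
            *)
                echo "$target: key file '$keyfile' is stored on disk, keep it off unencrypted filesystems"
                findings=$((findings + 1)) ;;
        esac
    done
    [ "$findings" -eq 0 ]
)

# Demonstration on the constructed sample; prints three findings.
printf '%s\n' "$SAMPLE_CRYPTTAB" | audit_crypttab || true
```

To check a real system, feed it the live file: `audit_crypttab < /etc/crypttab`.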

LVM on LUKS
