PSA: disk encryption is not useful and/or effective at cloud providers. If asked by the police, they can dump you VM's RAM. KVM is also theirs so they can dump keystrokes if they want. They can also access physical disks and overwrite your bootloader/initrd.

If you need to host something sensitive, do it at a provider you trust and know or deploy your own hardware. Don't host stuff at home that you wouldn't want to be linked to you.