# Let's Encrypt Certificates
# Overview
Every domain on a website (including staging websites) that has its DNS pointed to a server in your Enhance cluster will automatically request a Let's Encrypt SSL certificate (opens new window).
A certificate will be requested at the point of creation. It can take up to 5 minutes for a certificate to be provisioned, during this time a self signed certificate will be issued.
All Let's Encrypt certificates are issued for 3 months. Enhance will automatically request a new certificate 3 days prior to expiry.
When a Let's Encrypt certificate is requested it uses the servers own DNS resolver. In some cases, for example if the DNS has recently been update this may cause a delay in provisioning as the previous DNS will have been cached.
A Let's Encrypt SSL certificate is also automatically provisioned for mail.{customer_domain} on the server the mail is hosted.
# Request a Let's Encrypt Certificate
WARNING
In the case where a certificate fails to provision a backoff exists to help protect from rate limiting. After the first request failure, the frequency of requests will be limited in minutes to the number of failures squared.
A Let's Encrypt certificate can be manually be requested for a domain:
- Open Websites in the left sidebar
- Select the website you would like to request a certificate for
- On the website dashboard select Advanced then Security
- Scroll to SSL certificates
- Here you will see all existing SSL certificates for the domains on the website. Select the kebab menu and select Request Let's Encypt Certficate
# Troubleshooting
A Let's Encrypt certificate has not been issued (opens new window)
A Let's Encrypt certificate failed to renew (opens new window)