> For the complete documentation index, see [llms.txt](https://docs.certinext.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.certinext.io/documentation/certificate-authorities-and-trust-stores/supported-public-certifying-authorities/lets-encrypt.md).

# Let's Encrypt

The Let’s Encrypt CA Connector enables CERTInext to integrate directly with Let’s Encrypt using the ACME (Automatic Certificate Management Environment) protocol for automated SSL/TLS certificate lifecycle management. Once configured, CERTInext can communicate securely with Let’s Encrypt services to automate certificate issuance, renewal, validation, and lifecycle tracking directly from the CERTInext platform.

This integration helps organizations simplify public SSL/TLS certificate management while leveraging Let’s Encrypt’s free and automated certificate services.

Typical use cases include:

* Automated SSL/TLS certificate issuance
* ACME-based certificate automation
* Web server certificate management
* Short-lived certificate renewals
* Public website security automation
* DevOps and cloud-native certificate provisioning

## Accessing the Let’s Encrypt Connector

To configure a Let’s Encrypt connector:

1. Navigate to **Integrations → CA Connectors → Let’s Encrypt**
2. Click **Create CA Connector**

This opens the Let’s Encrypt connector configuration page where ACME connectivity and account details are configured.

## Let’s Encrypt Connector Configuration Fields

The following fields are required when creating a Let’s Encrypt connector.

<figure><img src="/files/n8IppT6H7oCJ9Om5PGp4" alt=""><figcaption></figcaption></figure>

### Name

Defines a unique name for the connector configuration.

Example:

```
LetsEncrypt Production Connector
```

This name is used internally within CERTInext to identify the integration.

### ACME Environment

Specifies the Let’s Encrypt ACME environment to be used.

Available options include:

#### **Production**

Used for live certificate issuance from Let’s Encrypt’s production environment.

Certificates issued from this environment are publicly trusted and intended for real production workloads.

#### **Staging**

Used for testing and validation purposes.

The staging environment helps administrators validate automation workflows without hitting production rate limits. Certificates issued from staging are not publicly trusted.

> It is recommended to use the Staging environment during initial configuration and testing.

#### Contact Email

Specifies the administrator or operational contact email address associated with the ACME account.

Example:

```
admin@example.com
```

This email may be used by Let’s Encrypt for important notifications such as:

* Expiry alerts
* ACME account notices
* Operational communications

## Testing the Connector

After entering all required details:

1. Click **Test Connection**
2. CERTInext validates:
   * ACME endpoint connectivity
   * Let’s Encrypt environment access
   * Account registration capability
   * API communication availability

If the validation succeeds, the connector can be saved and used for certificate operations.

## Certificate Operations Supported

Once configured, the Let’s Encrypt connector enables CERTInext to perform:

* Automated certificate issuance
* Domain validation workflows
* ACME challenge handling
* Certificate renewal
* Certificate revocation
* Lifecycle monitoring
* Certificate inventory tracking

These operations are executed through secure ACME-based communication between CERTInext and Let’s Encrypt.

## Domain Validation Support

The Let’s Encrypt connector supports automated domain validation using standard ACME validation methods, including:

* DNS-based validation
* HTTP-based validation

CERTInext can coordinate validation workflows using supported DNS connectors and automation capabilities.

## Operational Flow

The typical certificate lifecycle workflow using the Let’s Encrypt connector is:

```
CERTInext → ACME Validation → Let’s Encrypt → Certificate Issuance → Lifecycle Tracking
```

For automated environments, CERTInext can streamline the entire issuance and renewal lifecycle with minimal manual intervention.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.certinext.io/documentation/certificate-authorities-and-trust-stores/supported-public-certifying-authorities/lets-encrypt.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.