# LetsEncrypt SSL Certificate

LetsEncrypt is a free service that allows getting a valid signed certificate automatically. This is done using port 80 on the Pritunl server to verify the domain ownership. The certificate will then automatically renew every 80 days. Before setting the LetsEncrypt domain the dns settings for the domain must point to the public ip address of the Pritunl server. If a firewall is used port 80 must be publicly open. For the certificate to be able to automatically renew the firewall and dns settings will need to be properly configured. After setting the LetsEncrypt domain the Pritunl server will generate a signed certificate and automatically restart the web server. The certificate will be configured on all the hosts in an Enterprise cluster.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.pritunl.com/kb/vpn/system/letsencrypt-ssl-certificate.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.