--- title: "Enabling HTTPS with Let’s Encrypt SSL certificate on your website" date: "2025-02-05T23:47:27+00:00" summary: image: type: "article" url: "/acquia-cloud-platform/help/92931-enabling-https-lets-encrypt-ssl-certificate-your-website" id: "fe3dfc41-5015-4897-85b9-d4b48aad8022" --- [Let's Encrypt](https://letsencrypt.org/), is a Certificate Authority that provides free certificates, and has a mission of enabling SSL everywhere. This article is intended as a guide to assist with the installation of the LetsEncrypt SSL certificate on to the Acquia Cloud platform. **Note** that this guide assumes you are using OSX/Linux for creating certificate locally. 1. [Download certbot](https://certbot.eff.org/) a command line tool from the [EFF](https://www.eff.org/) for managing SSL certificates with Let's Encrypt. Select **_Apache_** and then your appropriate OS from the dropdown. 2. Run `sudo certbot certonly --manual --preferred-challenges dns --cert-name -d ` replacing <`DOMAIN>` with your real domain you want the certificate to cover. You will be presented with:  ------------------------------------------------------------------------------- NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? ------------------------------------------------------------------------------- (Y)es/(N)o: Y Select Y in order to continue.  A Warning Note After selecting Y and pressing enter the script will show you the data and DNS TXT entry to create and a message: "Press Enter to Continue" **Do NOT press enter to continue.** You will be presented with:  - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Please deploy a DNS TXT record under the name _acme-challenge. with the following value: Before continuing, verify the record is deployed. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Press Enter to Continue 3. At this point, login to your DNS provider and create a new TXT entry for the domain with title _**\_acme-challenge.**_ and value displayed under as ![DNS TXT record setup for ACME challenge, showing fields for name "_acme-challenge" and placeholder content "".](https://acquia.widen.net/content/426f90b3-f306-4f54-9fd5-80fda17af7e7/web/ka0Pb0000008gi100N6g00000VCdgi0EM6g000002WpOo.png) 4. Once you have added and saved the DNS TXT entry, go back to Certbot terminal on your local machine and press **Enter**. 5. You'll be presented with:  Waiting for verification... Cleaning up challenges IMPORTANT NOTES:  - Congratulations! Your certificate and chain have been saved at:    /etc/letsencrypt/live//fullchain.pem    Your key file has been saved at:    /etc/letsencrypt/live//privkey.pem    Your cert will expire on . To obtain a new or tweaked    version of this certificate in the future, simply run certbot    again. To non-interactively renew *all* of your certificates, run    "certbot renew"  - If you like Certbot, please consider supporting our work by:    Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate    Donating to EFF:                    https://eff.org/donate-le 6. **Copy the contents of the certificate** you just generated on **your local machine** to the **Acquia Cloud interface SSL page.** 1. On _your local machine_ you can view the content of the `pem` files using the following commands (the default location is `/etc/letsencrypt/live/[domain]/`) :  $ sudo cat /etc/letsencrypt/live//fullchain.pem $ sudo cat /etc/letsencrypt/live//privkey.pem 2. Following [Managing SSL certificates](/node/56371) once you reach step 4, you should populate the fields with the contents of the `fullchain.pem` and `privkey.pem`. **Note that the first certificate entry of `fullchain.pem` goes in the SSL certificate field. The second certificate entry of  `fullchain.pem` goes in the CA Intermediate certificates field and, the content of `privkey.pem` goes in the SSL Private Key section.** 7. You can now proceed to the next steps of [Managing SSL certificates](/node/56371) to Activate the certificate.