Install a Let’s Encrypt TLS certificate
A Let’s Encrypt TLS certificate is available by default for any domain that has been added to an environment’s VIP Dashboard and has DNS updated to point to VIP.
- Elliptic Curve Cryptography (ECC) certificates are issued for newly installed or renewed Let’s Encrypt certificates.
- RSA certificates can only be issued by installing a custom TLS certificate.
- The “www” and the “non-www” versions of a domain must be added separately to the VIP Dashboard. Each version of the domain requires its own Let’s Encrypt certificate to be installed.
Prerequisites
- Installing a Let’s Encrypt certificate for a domain in the VIP Dashboard requires a user to have at minimum an Org member role or an App write role for that application.
- The DNS for the domain must already be pointed to VIP.
Domains have specific application and environment associations.
- Navigate to the VIP Dashboard for the application that the domain is associated with.
- Select the environment that the domain points to (e.g., Production, Develop) from the dropdown located at the upper left of the dashboard.
- Select the “Domains” panel option at the left.
- A button labeled “Install Certificate” will be displayed to the right of domains that do not yet have a TLS certificate.
- Select the “Install Certificate” button to access and select the “Let’s Encrypt” option in the dropdown.
- A confirmation message will appear at the bottom of the dashboard screen when the Let’s Encrypt TLS certificate has been installed.

Re-install a Let’s Encrypt certificate
The VIP Platform will automatically make attempts to renew a domain’s installed Let’s Encrypt certificate 28 days prior to the certificate’s expiration date.
If a Let’s Encrypt certificate fails to auto-renew, customers can re-install the certificate in the VIP Dashboard.
- Navigate to the VIP Dashboard for the application that the domain is associated with.
- Select the environment that the domain points to (e.g., Production, Develop) from the dropdown located at the upper left of the dashboard.
- Select the “Domains” panel option at the left.
- Click on the three dots (“···“) to the right of the domain.
- Select the “Re-install Let’s Encrypt” option from the dropdown.
- A confirmation message will appear at the bottom of the dashboard screen when the Let’s Encrypt TLS certificate has been re-installed.

Switch from a Let’s Encrypt certificate to a custom TLS certificate
After a Let’s Encrypt TLS certificate has been provisioned, it is possible to switch to a custom TLS certificate at any time.
- Navigate to the VIP Dashboard for the application that the domain is associated with.
- Select the environment that the domain points to (e.g., Production, Develop) from the dropdown located at the upper left of the dashboard.
- Select the “Domains” panel option at the left.
- Select on the three dots (“···“) to the right of the domain.
- Select the “Install Custom Certificate” option from the dropdown.
- Follow the instructions for installing a custom TLS certificate.
Last updated: April 03, 2023