Title: Install a Let&#8217;s Encrypt TLS certificate
Author: WordPress VIP Documentation
Published: September 5, 2021
Last modified: June 11, 2025

---

 1. [TLS](https://docs.wpvip.com/tls/)
 2. Install a Let’s Encrypt TLS certificate

#  Install a Let’s Encrypt TLS certificate

A Let’s Encrypt TLS certificate is available by default for any [domain that has been added](https://docs.wpvip.com/map-a-domain/#h-add-a-domain)
to an environment’s VIP Dashboard. To install a Let’s Encrypt certificate, the [domain must be verified](https://docs.wpvip.com/domains/verification/)
and have [DNS updated to point to VIP](https://docs.wpvip.com/point-dns-to-vip/).

 * Elliptic Curve Cryptography (ECC) certificates are issued for newly installed
   or renewed Let’s Encrypt certificates.
 * RSA certificates can only be issued by [installing a custom TLS certificate](https://docs.wpvip.com/custom-tls-cert/).
 * The VIP Platform will automatically make attempts to renew a domain’s installed
   Let’s Encrypt certificate 28 days prior to the certificate’s expiration date.

## Access

**Prerequisites**

 * Installing a Let’s Encrypt certificate for a domain in the VIP Dashboard requires
   a user to have at minimum an [Org member role](https://docs.wpvip.com/manage-user-access/vip-dashboard/org-roles)
   or an [App write role](https://docs.wpvip.com/app-role/) for that application.
 * [The domain has been verified](https://docs.wpvip.com/domains/verification/).

Domains have specific [application](https://docs.wpvip.com/application/) and [environment](https://docs.wpvip.com/vip-platform/environments/)
associations.

 1. Navigate to the [VIP Dashboard](https://dashboard.wpvip.com/) for the application
    that the domain is associated with.
 2. Select the environment that the domain points to (e.g., production, develop) from
    the dropdown located at the upper left of the dashboard.
 3. Select “**Domains & TLS**” from the sidebar navigation at the left of the screen.
 4. Select the “**•••**” button located to the right of the domain.
 5. Select “**Install Let’s Encrypt**” from the overflow menu.
 6. A confirmation message will appear at the bottom of the dashboard screen when the
    Let’s Encrypt TLS certificate has been installed.

![](https://docs.wpvip.com/wp-content/uploads/sites/2/2024/02/domains-overflow-menu.
png)

Example screenshot of the options in the overflow menu in the “Domains & TLS” panel
of the VIP Dashboard

## CAA Records

A [Certification Authority Authorization (CAA) record](https://support.dnsimple.com/articles/caa-record/)
specifies which [certificate authorities](https://support.dnsimple.com/articles/what-is-certificate-authority/)(
CAs) are allowed to issue TLS certificates for a domain. An example use case would
be to prevent [Let’s Encrypt TLS certificates](https://docs.wpvip.com/lets-encrypt-cert/)
from being issued for a domain in the VIP Dashboard by adding a CAA record for a
specific external certificate authority instead.

Last updated: June 11, 2025