# Free Native SSL via Let's Encrypt

{% hint style="info" %}
Before you begin, make sure Port 443 is open and unblocked by any other application, firewall, or SELinux policies on your server. 
{% endhint %}

{% hint style="info" %}
This will enable HTTPS:// for your ESP, and also replace your Transactional SMTP Relay self-signed certificate with a real certificate so TLS will work with all SMTP Relay connecting applications. 
{% endhint %}

{% hint style="success" %}
Instructions for automating the renewal of your Let's Encrypt certificate every 30 days are at the end of this document, this is a one-time "set it and forget it" process. 
{% endhint %}

Log into your VPS using SSH on macOS or PuTTY on Windows .

Change directory to your ESP installation:

```
cd edcom-install
```

Run this command and provide your ESP subdomain and domain as an argument.

```
./generate_letsencrypt_certificate.sh esp.yourdomain.com
```

**\*\*\* Note:** Use the the real subdomain and domain of your VPS above, not esp.yourdomain.com, this is just a placeholder. This is the domain you use to access your ESP with http\:// currently.

Convert your ESP to use HTTPS:// from now on: 

```
./convert_to_ssl.sh
```

Restart your ESP: 

```
./restart.sh
```

{% hint style="info" %}
**Create an automated cron job that renews your Let's Encrypt certificate every 30 days.** 
{% endhint %}

Run the following command and when you're asked which editor to use, select nano:

```
crontab -e
```

<figure><img src="https://2024949584-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHNgw7cfnOYHQr0B6GDXr%2Fuploads%2F3guDnx4TvNvTsY5eZ32Y%2FScreenshot%202024-01-04%20at%204.08.17%E2%80%AFPM.png?alt=media&#x26;token=a38f423f-ab4b-49b0-8ad5-8e06f574283e" alt=""><figcaption></figcaption></figure>

Copy and paste the following into the bottom of the editor, change the placeholder domain to your real ESP domain, and hit ctrl-x to save:

{% code overflow="wrap" %}

```
* * */30 * * cd /root/edcom-install && ./renew_letsencrypt_certificate.sh esp.yourdomain.com > data/logs/certbot.log 2>&1
```

{% endcode %}

**\*\*\* Note:** Use the the real subdomain and domain of your VPS above, not esp.yourdomain.com, this is just a placeholder. This is the domain you use to access your ESP with http\:// currently.

<figure><img src="https://2024949584-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHNgw7cfnOYHQr0B6GDXr%2Fuploads%2Fzx2hQuBBtx4eVXVPFKOv%2FScreenshot%202024-01-04%20at%204.08.48%E2%80%AFPM.png?alt=media&#x26;token=903ae7a8-63c6-449c-8519-c003d3c7b083" alt=""><figcaption></figcaption></figure>

**\*\*\* Note:** If your ESP is installed somewhere else other than /root/edcom-install you will need to modify that as well.

{% hint style="success" %}
**You're done!**\
Access your ESP using https\:// from now on, and use https\:// for all related configuration, such as the mta.conf file, API connections, Pabbly integrations, etc.&#x20;
{% endhint %}