# Adding HTTPS to Velocity MTA email message links

{% hint style="info" %}
Before you begin, make sure Port 443 is open and unblocked by any other application, firewall, or SELinux policies on your server. 
{% endhint %}

{% hint style="success" %}
Instructions for automating the renewal of your Let's Encrypt certificate are at the end of this document, this is a one-time "set it and forget it" process. 
{% endhint %}

Log into your VPS where your MTA installation resides using SSH on macOS or PuTTY on Windows 

```
ssh root@1.2.3.4
```

**\*\*\* Note:** Use the the real IP address of your VPS above, not 1.2.3.4, this is just a placeholder. 

Change directory to your Velocity MTA installation:

```
cd velocity-install
```

You must be on the latest build for Let's Encrypt to work:

```
./upgrade.sh
```

Run this command for each of your ESP tracking domains (email message links) you're going to use with Velocity MTA and provide your subdomain and domain as an argument.

```
./generate_link_certificate.sh link.yourdomain.com
```

**\*\*\* Note:** Use the the real subdomain and domain of your tracking link above, not link.yourdomain.com, this is just a placeholder. This is the domain in your email messages sent through the MTA using http\:// currently.

Restart your MTA: 

```
./restart.sh
```

{% hint style="info" %}
**Create an automated cron job that renews your link's Let's Encrypt certificate.** 
{% endhint %}

Run the following command and when you're asked which editor to use, select nano:

```
crontab -e
```

<figure><img src="https://2024949584-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FHNgw7cfnOYHQr0B6GDXr%2Fuploads%2F3guDnx4TvNvTsY5eZ32Y%2FScreenshot%202024-01-04%20at%204.08.17%E2%80%AFPM.png?alt=media&#x26;token=a38f423f-ab4b-49b0-8ad5-8e06f574283e" alt=""><figcaption></figcaption></figure>

Copy and paste the following into the bottom of the editor, change the placeholder domain to your real tracking link domain, and hit ctrl-x to save:

{% code overflow="wrap" %}

```
* * */30 * * cd /root/velocity-install && ./renew_link_certificate.sh link.yourdomain.com > data/logs/certbot.log 2>&1
```

{% endcode %}

**\*\*\* Note:** Use the the real subdomain and domain of your tracking link above, not link.yourdomain.com, this is just a placeholder. This is the domain in your email messages send through your MTA using http\:// currently.

**\*\*\* Note:** If your MTA is installed somewhere else other than /root/velocity-install you will need to modify that as well.

{% hint style="success" %}
**You're done!**\
Your email links should be secured with https\:// going forward.&#x20;
{% endhint %}