Breadcrumbs

Requesting Let’s Encrypt SSL Certificate

This article explains when we can enable a Let’s Encrypt certificate for your LMS, what prerequisites apply, and how to request it via Service Desk.

When is Let’s Encrypt Possible?

You can use Let’s Encrypt certificates for your LMS if:

  • no IMC Cloud Web Application Firewall (WAF) and no Azure FrontDoor are configured in front of the application.

  • if customers explicitly agree to this setup.

If a WAF is in place, certificate management must typically be handled at the WAF layer instead, and certificate renewal is not automated.

Important Considerations (DV Certificate)

Let’s Encrypt certificates are Domain Validation (DV) certificates.

This means:

  • The certificate confirms control over the domain.

  • It does not include verified organization details (e.g., company name, legal entity information).

  • The certificate details will not display company information.

You as customer must acknowledge and accept this limitation before implementation.

If your organization requires an Organization Validation (OV) or an Extended Validation (EV) certificate (e.g. for compliance, regulatory, or branding reasons), you must provide a commercially issued certificate instead. For more information, see Updating SSL Certificates

How to Request Let’s Encrypt via Service Desk

Usually, this can be implemented during the project phase. If not done at that point, you as a customer can request a Let’s Encrypt certificate after go-live:

Please create a Service Desk Ticket (ticket type Request).

Subject suggestion:

“Request to enable Let’s Encrypt certificate for [your LMS URL]”

Technical Requirements

If you select Let’s Encrypt, the following requirements apply:

Customer DNS Prerequisite
A public DNS entry must be created for the target domain, pointing to the application endpoint

IMC Hosting Operation
Our hosting team will configure and operate Certbot to:

  • request the certificate

  • install the certificate

  • ensure automatic renewal

Ongoing certificate renewal is handled automatically, provided that DNS and network configuration remain unchanged.

Costs

  • Let’s Encrypt certificates are free of charge (no license/certificate fees).

  • The setup effort is usually covered by your support and maintenance contract, unless the following services are required:

    • significant consulting

    • design changes

    • non‑standard adaptations

In that case, we will inform you in the ticket and may treat it as a Consulting Request.

We will clarify and agree any additional effort with you in advance via the Service Desk ticket.

How Renewal Works

If Let’s Encrypt is enabled by IMC in a supported scenario:

  • Certificates are issued with a validity of 90 days.

  • Our platform automatically renews certificates well before expiry via cert‑manager.

  • Renewals and certificate rollouts are performed without planned downtime.

  • You do not need to upload new certificates or open renewal tickets.