diff --git a/Dockerfile b/Dockerfile
index 4111003..7d4aaeb 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -6,9 +6,15 @@ RUN apt-get update \
  && apt-get install -y -q --no-install-recommends \
     ca-certificates \
     wget \
+    git \
  && apt-get clean \
  && rm -r /var/lib/apt/lists/*
 
+# Get Let's Encrypt client
+RUN git -C /opt clone https://github.com/letsencrypt/letsencrypt
+#RUN cd /opt/letsencrypt && ./letsencrypt-auto
+COPY letsencrypt.ini /etc/letsencrypt/cli.ini
+
 # Configure Nginx and apply fix for very long server names
 RUN echo "daemon off;" >> /etc/nginx/nginx.conf \
  && sed -i 's/^http {/&\n    server_names_hash_bucket_size 128;/g' /etc/nginx/nginx.conf
diff --git a/letsencrypt.ini b/letsencrypt.ini
new file mode 100644
index 0000000..52309f0
--- /dev/null
+++ b/letsencrypt.ini
@@ -0,0 +1,24 @@
+# This is an example of the kind of things you can do in a configuration file.
+# All flags used by the client can be configured here. Run Let's Encrypt with
+# "--help" to learn more about the available options.
+
+# Use a 4096 bit RSA key instead of 2048
+rsa-key-size = 4096
+
+# Always use the staging/testing server
+server = https://acme-staging.api.letsencrypt.org/directory
+
+# Uncomment and update to register with the specified e-mail address
+# email = foo@example.com
+
+# Uncomment to use a text interface instead of ncurses
+text = True
+
+# Uncomment to use the standalone authenticator on port 443
+# authenticator = standalone
+# standalone-supported-challenges = tls-sni-01
+
+# Uncomment to use the webroot authenticator. Replace webroot-path with the
+# path to the public_html / webroot folder being served by your web server.
+authenticator = webroot
+webroot-path = /usr/share/nginx/html