diff --git a/.gitignore b/.gitignore
index 2fc3256c..319c0355 100644
--- a/.gitignore
+++ b/.gitignore
@@ -2,3 +2,4 @@
 docker-compose.yml
 postfix/ssl/*
 assert.sh*
+letsencrypt/
diff --git a/README.md b/README.md
index 8dbb8155..8bc438f4 100644
--- a/README.md
+++ b/README.md
@@ -26,7 +26,7 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
 - aliases and fowards/redirects are managed in `./postfix/virtual`
 - antispam rules are managed in `./spamassassin/rules.cf`
 - files must be mounted to `/tmp` in your container (see `docker-compose.yml` template)
-- ssl is strongly recommended, you can provide a self-signed certificate, see below
+- ssl is strongly recommended, read [SSL.md](SSL.md) to use LetsEncrypt or Self-Signed Certificates
 - [includes integration tests](https://travis-ci.org/tomav/docker-mailserver) 
 - [builds automated on docker hub](https://hub.docker.com/r/tvial/docker-mailserver/)
 
@@ -40,23 +40,32 @@ Why I created this image: [Simple mail server with Docker](http://tvi.al/simple-
 
 ## run
 
-	docker run --name mail -v "$(pwd)/postfix":/tmp/postfix -v "$(pwd)/spamassassin":/tmp/spamassassin -p "25:25" -p "143:143" -p "587:587" -p "993:993" -h mail.my-domain.com -t tvial/docker-mailserver
+	docker run --name mail \
+    -v "$(pwd)/postfix":/tmp/postfix \
+    -v "$(pwd)/spamassassin":/tmp/spamassassin \
+    -v "$(pwd)/letsencrypt/etc":/etc/letsencrypt \
+    -p "25:25" -p "143:143" -p "587:587" -p "993:993" \
+    -e DMS_SSL=letsencrypt \
+    -h mail.domain.com \
+    -t tvial/docker-mailserver
 
 ## docker-compose template (recommended)
 
-	mail:
-	  # image: tvial/docker-mailserver
-	  build: .
-	  hostname: mail
-	  domainname: my-domain.com
-	  ports:
-	  - "25:25"
-	  - "143:143"
-	  - "587:587"
-	  - "993:993"
-	  volumes:
-	  - ./spamassassin:/tmp/spamassassin/
-	  - ./postfix:/tmp/postfix/
+    mail:
+      image: tvial/docker-mailserver
+      hostname: mail
+      domainname: domain.com
+      ports:
+      - "25:25"
+      - "143:143"
+      - "587:587"
+      - "993:993"
+      volumes:
+      - ./spamassassin:/tmp/spamassassin/
+      - ./postfix:/tmp/postfix/
+      - ./letsencrypt/etc:/etc/letsencrypt
+      environment:
+      - DMS_SSL=letsencrypt
 
 Volumes allow to:
 
@@ -68,53 +77,21 @@ Volumes allow to:
 
 	docker-compose up -d mail
 
-# configure ssl
-
-## generate self-signed ssl certificate
-
-You can easily generate a self-signed SSL certificate by using the following command:
-
-	docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate
-
-	# Press enter
-	# Enter a password when needed
-	# Fill information like Country, Organisation name
-	# Fill "my-domain.com" as FQDN for CA, and "mail.my-domain.com" for the certificate.
-	# They HAVE to be different, otherwise you'll get a `TXT_DB error number 2`
-	# Don't fill extras
-	# Enter same password when needed
-	# Sign the certificate? [y/n]:y
-	# 1 out of 1 certificate requests certified, commit? [y/n]y
-
-	# will generate:
-	# postfix/ssl/mail.my-domain.com-key.pem (used in postfix)
-	# postfix/ssl/mail.my-domain.com-req.pem (only used to generate other files)
-	# postfix/ssl/mail.my-domain.com-cert.pem (used in postfix)
-	# postfix/ssl/mail.my-domain.com-combined.pem (used in courier)
-	# postfix/ssl/demoCA/cacert.pem (certificate authority)
-
-Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument.
-Check the following page for more information regarding [postfix and SSL/TLS configuration](http://www.mad-hacking.net/documentation/linux/applications/mail/using-ssl-tls-postfix-courier.xml).
-
-## configure ssl certificate (convention over configuration)
-
-If a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder.
-
 # client configuration
 
-	# imap
-	username:  				<username1@my-domain.com>
-	password:  				<username1password>
-	server:    				<your-server-ip-or-hostname>
-	imap port: 				143 or 993 with ssl (recommended)
-	imap path prefix:		INBOX
-	auth method:			md5 challenge-response
+    # imap
+    username:         <username1@my-domain.com>
+    password:         <username1password>
+    server:           <your-server-ip-or-hostname>
+    imap port:        143 or 993 with ssl (recommended)
+    imap path prefix:   INBOX
+    auth method:      md5 challenge-response
 
-	# smtp
-	smtp port:				25 or 587 with ssl (recommended)
-	username:  				<username1@my-domain.com>
-	password:  				<username1password>
-	auth method:			md5 challenge-response
+    # smtp
+    smtp port:        25 or 587 with ssl (recommended)
+    username:         <username1@my-domain.com>
+    password:         <username1password>
+    auth method:      md5 challenge-response
 
 # todo
 
diff --git a/SSL.md b/SSL.md
new file mode 100644
index 00000000..13fa91df
--- /dev/null
+++ b/SSL.md
@@ -0,0 +1,49 @@
+# docker-mailserver with ssl
+
+There are multiple options to enable SSL:
+
+* using [letsencrypt](https://letsencrypt.org/) (recommended)
+* using self-signed certificates with the provided tool
+
+After installation, you can test your setup with [checktls.com](https://www.checktls.com/TestReceiver).
+
+## let's encrypt (recommended)
+
+To enable Let's Encrypt on your mail server, you have to:
+
+* get your certificate using [letsencrypt client](https://github.com/letsencrypt/letsencrypt)
+* add an environment variable `DMS_SSL` with value `letsencrypt` (see `docker-compose.yml.dist`)
+* mount your `letsencrypt` folder to `/etc/letsencrypt`
+
+You don't have anything else to do. Enjoy.
+
+## self signed certificates
+
+You can easily generate a self-signed SSL certificate by using the following command:
+
+    docker run -ti --rm -v "$(pwd)"/postfix/ssl:/ssl -h mail.my-domain.com -t tvial/docker-mailserver generate-ssl-certificate
+
+    # Press enter
+    # Enter a password when needed
+    # Fill information like Country, Organisation name
+    # Fill "my-domain.com" as FQDN for CA, and "mail.my-domain.com" for the certificate.
+    # They HAVE to be different, otherwise you'll get a `TXT_DB error number 2`
+    # Don't fill extras
+    # Enter same password when needed
+    # Sign the certificate? [y/n]:y
+    # 1 out of 1 certificate requests certified, commit? [y/n]y
+
+    # will generate:
+    # postfix/ssl/mail.my-domain.com-key.pem (used in postfix)
+    # postfix/ssl/mail.my-domain.com-req.pem (only used to generate other files)
+    # postfix/ssl/mail.my-domain.com-cert.pem (used in postfix)
+    # postfix/ssl/mail.my-domain.com-combined.pem (used in courier)
+    # postfix/ssl/demoCA/cacert.pem (certificate authority)
+
+Note that the certificate will be generate for the container `fqdn`, that is passed as `-h` argument.
+Check the following page for more information regarding [postfix and SSL/TLS configuration](http://www.mad-hacking.net/documentation/linux/applications/mail/using-ssl-tls-postfix-courier.xml).
+
+To use the certificate:
+
+* add an `DMS_SSL=self-signed` to your container environment variables
+* if a matching certificate (files listed above) is found in `postfix/ssl`, it will be automatically setup in postfix and courier-imap-ssl. You just have to place them in `postfix/ssl` folder.
diff --git a/bin/generate-ssl-certificate b/bin/generate-ssl-certificate
index 682b07d4..aee67906 100644
--- a/bin/generate-ssl-certificate
+++ b/bin/generate-ssl-certificate
@@ -10,5 +10,5 @@ openssl req -new -nodes -keyout /ssl/$FQDN-key.pem -out /ssl/$FQDN-req.pem -days
 # Sign the public key certificate with CA certificate
 openssl ca -out /ssl/$FQDN-cert.pem -infiles /ssl/$FQDN-req.pem
 # Combine certificates for courier
-cat /ssl/$FQDN-key.pem /ssl/$FQDN-cert.pem >> /ssl/$FQDN-combined.pem
+cat /ssl/$FQDN-key.pem /ssl/$FQDN-cert.pem > /ssl/$FQDN-combined.pem
 
diff --git a/docker-compose.yml.dist b/docker-compose.yml.dist
index 6f3ba3b4..f5d24f88 100644
--- a/docker-compose.yml.dist
+++ b/docker-compose.yml.dist
@@ -2,7 +2,7 @@ mail:
   # image: tvial/docker-mailserver
   build: .
   hostname: mail
-  domainname: my-domain.com
+  domainname: domain.com
   ports:
   - "25:25"
   - "143:143"
@@ -11,3 +11,6 @@ mail:
   volumes:
   - ./spamassassin:/tmp/spamassassin/
   - ./postfix:/tmp/postfix/
+  - ./letsencrypt/etc:/etc/letsencrypt
+  environment:
+  - DMS_SSL=letsencrypt
diff --git a/start-mailserver.sh b/start-mailserver.sh
index 89d84238..ce82eb33 100644
--- a/start-mailserver.sh
+++ b/start-mailserver.sh
@@ -54,28 +54,50 @@ echo "Postfix configurations"
 touch /etc/postfix/vmailbox && postmap /etc/postfix/vmailbox
 touch /etc/postfix/virtual && postmap /etc/postfix/virtual
 
-# Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
-if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
-&& [ -e "/tmp/postfix/ssl/$(hostname)-key.pem"  ] \
-&& [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
-&& [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
-  echo "Adding $(hostname) SSL certificate"
-  mkdir -p /etc/postfix/ssl
-  cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl
-  cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl
-  cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl
-  cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl
+# SSL Configuration
+case $DMS_SSL in
+  "letsencrypt" )
+    # letsencrypt folders and files mounted in /etc/letsencrypt
 
-  # Postfix configuration
-  sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$(hostname)'-cert.pem/g' /etc/postfix/main.cf
-  sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
-  sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
-  sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
-  ln -s /etc/postfix/ssl/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
+      # Postfix configuration
+      sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/fullchain.pem/g' /etc/postfix/main.cf
+      sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/letsencrypt\/live\/'$(hostname)'\/privkey.pem/g' /etc/postfix/main.cf
 
-  # Courier configuration
-  sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
-fi
+      # Courier configuration
+      cat /etc/letsencrypt/live/$(hostname)/privkey.pem /etc/letsencrypt/live/$(hostname)/cert.pem > /etc/letsencrypt/live/$(hostname)/combined.pem
+      sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/letsencrypt\/live\/'$(hostname)'\/combined.pem/g' /etc/courier/imapd-ssl
+
+      echo "SSL configured with letsencrypt certificates"
+
+    ;;
+
+  "self-signed" )
+    # Adding self-signed SSL certificate if provided in 'postfix/ssl' folder
+    if [ -e "/tmp/postfix/ssl/$(hostname)-cert.pem" ] \
+    && [ -e "/tmp/postfix/ssl/$(hostname)-key.pem"  ] \
+    && [ -e "/tmp/postfix/ssl/$(hostname)-combined.pem" ] \
+    && [ -e "/tmp/postfix/ssl/demoCA/cacert.pem" ]; then
+      echo "Adding $(hostname) SSL certificate"
+      mkdir -p /etc/postfix/ssl
+      cp /tmp/postfix/ssl/$(hostname)-cert.pem /etc/postfix/ssl
+      cp /tmp/postfix/ssl/$(hostname)-key.pem /etc/postfix/ssl
+      cp /tmp/postfix/ssl/$(hostname)-combined.pem /etc/postfix/ssl
+      cp /tmp/postfix/ssl/demoCA/cacert.pem /etc/postfix/ssl
+
+      # Postfix configuration
+      sed -i -r 's/smtpd_tls_cert_file=\/etc\/ssl\/certs\/ssl-cert-snakeoil.pem/smtpd_tls_cert_file=\/etc\/postfix\/ssl\/'$(hostname)'-cert.pem/g' /etc/postfix/main.cf
+      sed -i -r 's/smtpd_tls_key_file=\/etc\/ssl\/private\/ssl-cert-snakeoil.key/smtpd_tls_key_file=\/etc\/postfix\/ssl\/'$(hostname)'-key.pem/g' /etc/postfix/main.cf
+      sed -i -r 's/#smtpd_tls_CAfile=/smtpd_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
+      sed -i -r 's/#smtp_tls_CAfile=/smtp_tls_CAfile=\/etc\/postfix\/ssl\/cacert.pem/g' /etc/postfix/main.cf
+      ln -s /etc/postfix/ssl/cacert.pem /etc/ssl/certs/cacert-$(hostname).pem
+
+      # Courier configuration
+      sed -i -r 's/TLS_CERTFILE=\/etc\/courier\/imapd.pem/TLS_CERTFILE=\/etc\/postfix\/ssl\/'$(hostname)'-combined.pem/g' /etc/courier/imapd-ssl
+    fi
+
+    ;;
+
+esac
 
 echo "Fixing permissions"
 chown -R 5000:5000 /var/mail
diff --git a/test/test.sh b/test/test.sh
index 8eeed27b..43bce4f1 100644
--- a/test/test.sh
+++ b/test/test.sh
@@ -38,7 +38,7 @@ assert_raises "docker exec mail grep -- '-> <external1@otherdomain.tld>' /var/lo
 # Testing that a SPAM is rejected
 assert_raises "docker exec mail grep 'Blocked SPAM' /var/log/mail.log | grep spam@external.tld"
 
-# TODO: Testing that a Virus is rejected
+# Testing that a Virus is rejected
 assert_raises "docker exec mail grep 'Blocked INFECTED' /var/log/mail.log | grep virus@external.tld"
 
 # Testing presence of freshclam CRON