diff --git a/install/lib/installer_base.lib.php b/install/lib/installer_base.lib.php
index e262f31fa52f54ecb89f00695b447d2677728bef..5c2d78c8c82437d4aab3bf1fba5ed247eb7d9c80 100644
--- a/install/lib/installer_base.lib.php
+++ b/install/lib/installer_base.lib.php
@@ -2720,6 +2720,42 @@ class installer_base {
 		return $response;
 	}
 
+	private function make_acme_vhost($server_name, $server = 'apache') {
+		global $conf;
+
+		$use_template = 'apache_acme.vhost.master';
+		if($server === 'nginx') {
+			$use_template = 'nginx_acme.vhost.master';
+		}
+
+		$vhost_conf_dir = $conf[$server]['vhost_conf_dir'];
+		$vhost_conf_enabled_dir = $conf[$server]['vhost_conf_enabled_dir'];
+
+		$tpl = new tpl($use_template);
+		$tpl->setVar('domain', $server_name);
+
+		if($server !== 'nginx') {
+			$tpl->setVar('apache_version',getapacheversion());
+		}
+
+		wf($vhost_conf_dir.'/acme.vhost', $tpl->grab());
+
+		if(@is_link($vhost_conf_enabled_dir.'/999-acme.vhost')) {
+			unlink($vhost_conf_enabled_dir.'/999-acme.vhost');
+		}
+		if(!@is_link($vhost_conf_enabled_dir.'/999-acme.vhost')) {
+			symlink($vhost_conf_dir.'/acme.vhost', $vhost_conf_enabled_dir.'/999-acme.vhost');
+		}
+
+		if($conf[$server]['installed'] == true && $conf[$server]['init_script'] != '') {
+			if($this->is_update) {
+				system($this->getinitcommand($conf[$server]['init_script'], 'force-reload').' &> /dev/null || ' . $this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
+			} else {
+				system($this->getinitcommand($conf[$server]['init_script'], 'restart').' &> /dev/null');
+			}
+		}
+	}
+
 	public function make_ispconfig_ssl_cert() {
 		global $conf, $autoinstall;
 
@@ -2802,13 +2838,18 @@ class installer_base {
 			$acme = explode("\n", shell_exec('which /usr/local/ispconfig/server/scripts/acme.sh /root/.acme.sh/acme.sh'));
 			$acme = reset($acme);
 
+			// first of all create the acme vhosts if not existing
+			if($conf['nginx']['installed'] == true) {
+				$this->make_acme_vhost($hostname, 'nginx');
+			} elseif($conf['apache']['installed'] == true) {
+				$this->make_acme_vhost($hostname, 'apache');
+			}
+
 			// Attempt to use Neilpang acme.sh first, as it is now the preferred LE client
 			if (is_executable($acme)) {
 
-				if($conf['nginx']['installed'] == true) {
-					exec("$acme --issue --nginx -d $hostname $renew_hook");
-				} elseif($conf['apache']['installed'] == true) {
-					exec("$acme --issue --apache -d $hostname $renew_hook");
+				if($conf['nginx']['installed'] == true || $conf['apache']['installed'] == true) {
+					exec("$acme --issue -w /usr/local/ispconfig/interface/acme -d $hostname $renew_hook");
 				}
 				// Else, it is not webserver, so we use standalone
 				else {
@@ -2840,10 +2881,8 @@ class installer_base {
 					$certonly = 'certonly --agree-tos --non-interactive --expand --rsa-key-size 4096';
 
 					// If this is a webserver
-					if($conf['nginx']['installed'] == true)
-						exec("$le_client $certonly $acme_version --nginx --email postmaster@$hostname -d $hostname $renew_hook");
-					elseif($conf['apache']['installed'] == true)
-						exec("$le_client $certonly $acme_version --apache --email postmaster@$hostname -d $hostname $renew_hook");
+					if($conf['nginx']['installed'] == true || $conf['apache']['installed'] == true)
+						exec("$le_client $certonly $acme_version --authenticator webroot --webroot-path /usr/local/ispconfig/interface/acme --email postmaster@$hostname -d $hostname $renew_hook");
 					// Else, it is not webserver, so we use standalone
 					else
 						exec("$le_client $certonly $acme_version --standalone --email postmaster@$hostname -d $hostname $hook");
diff --git a/install/tpl/apache_acme.vhost.master b/install/tpl/apache_acme.vhost.master
new file mode 100644
index 0000000000000000000000000000000000000000..59ece91c00b9a3f66342bbae95e07cec25358c09
--- /dev/null
+++ b/install/tpl/apache_acme.vhost.master
@@ -0,0 +1,18 @@
+<VirtualHost *:80>
+
+	ServerName <tmpl_var name='domain'>
+	
+	DocumentRoot /usr/local/ispconfig/interface/acme
+
+	<Directory /usr/local/ispconfig/interface/acme>
+		AllowOverride None
+		<tmpl_if name='apache_version' op='>' value='2.2' format='version'>
+		Require all granted
+		<tmpl_else>
+		Order allow,deny
+		Allow from all
+		</tmpl_if>
+	</Directory>
+
+</VirtualHost>
+
diff --git a/install/tpl/nginx_acme.vhost.master b/install/tpl/nginx_acme.vhost.master
new file mode 100644
index 0000000000000000000000000000000000000000..d7c576b04d35e06180cea48db6ff933914ec917c
--- /dev/null
+++ b/install/tpl/nginx_acme.vhost.master
@@ -0,0 +1,25 @@
+server {
+        listen 80;
+		listen [::]:80;
+
+		server_name <tmpl_var name='domain'>;
+
+		root /usr/local/ispconfig/interface/acme;
+
+		autoindex off;
+		index index.html;
+		
+		## Disable .htaccess and other hidden files
+		location ~ / {
+			deny all;
+		}
+
+        ## Allow access for .well-known/acme-challenge
+		location ^~ /.well-known/acme-challenge/ {
+			access_log off;
+			log_not_found off;
+			auth_basic off;
+			root /usr/local/ispconfig/interface/acme/;
+			try_files $uri $uri/ =404;
+        }
+}
\ No newline at end of file