diff --git a/lib/class.ISPConfig.inc.php b/lib/class.ISPConfig.inc.php
index ad90ecc473268ec019151c8cb847cddaef97691e..b06e1b2f454a24f9eeecaf2f549a7abf41cad530 100644
--- a/lib/class.ISPConfig.inc.php
+++ b/lib/class.ISPConfig.inc.php
@@ -173,6 +173,14 @@ class ISPConfig {
 		}
 	}
 
+	public static function wantsCertbot() {
+		if(isset($_GET['use-certbot']) && $_GET['use-certbot']) {
+			return true;
+		} else {
+			return false;
+		}
+	}
+
 	public static function wantsPHP() {
 		// If a new version is added, the getApacheModulesToDisable function should be updated to disable the latest version (this part could be improved)
 		$available_php_versions = array(
@@ -272,6 +280,7 @@ Possible arguments are:
 					->ommiting the argument (use all versions)
 	--use-ftp-ports ->This option sets the passive port range for pure-ftpd. You have to specify the port range separated by hyphen, e. g. --use-ftp-ports=40110-40210.
 					->If not provided the passive port range will not be configured.
+	--use-certbot	->Use Certbot instead of acme.sh for issuing Let\'s Encrypt certificates. Not adviced unless you are migrating from a old server that uses Certbot.
 	--no-web		->Do not use ISPConfig on this server to manage webserver setting and don\'t install nginx/apache or pureftpd. This will also prevent installing an ISPConfig UI and implies --no-roundcube as well as --no-pma
 	--no-mail		->Do not use ISPConfig on this server to manage mailserver settings. This will install postfix for sending system mails, but not dovecot and not configure any settings for ISPConfig mail. It implies --no-mailman.
 	--no-dns		->Do not use ISPConfig on this server to manage DNS entries. Bind will be installed for local DNS caching / resolving only.
@@ -302,7 +311,7 @@ Possible arguments are:
 
 		$valid_args = array(
 			'help', 'debug', 'interactive',
-			'use-nginx', 'use-amavis', 'use-php', 'use-unbound', 'use-ftp-ports', 'channel', 'lang', 'unattended-upgrades',
+			'use-nginx', 'use-amavis', 'use-php', 'use-unbound', 'use-ftp-ports', 'use-certbot', 'unattended-upgrades', 'channel', 'lang',
 			'no-web', 'no-mail', 'no-dns', 'no-firewall', 'no-roundcube', 'no-pma', 'no-mailman', 'no-quota', 'no-ntp', 'no-local-dns',
 			'i-know-what-i-am-doing'
 		);
diff --git a/lib/os/class.ISPConfigDebianOS.inc.php b/lib/os/class.ISPConfigDebianOS.inc.php
index 6eb1dab070753c5ed0bbe27135da4df771c0d0c7..3a462b038c9eb24b26e129376484d62fe046ffb9 100644
--- a/lib/os/class.ISPConfigDebianOS.inc.php
+++ b/lib/os/class.ISPConfigDebianOS.inc.php
@@ -958,13 +958,18 @@ mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"';
 			$this->restartService('apache2');
 		}
 
-		ISPConfigLog::info('Installing letsencrypt (acme.sh).', true);
-		$cmd = 'cd /tmp ; wget -O -  https://get.acme.sh 2>/dev/null | sh 2>/dev/null';
-		$result = $this->exec($cmd);
-		if($result === false) {
-			ISPConfigLog::warn('Installing letsencrypt failed.', true);
+		if (ISPConfig::wantsCertbot()) {
+			ISPConfigLog::info('Installing Certbot (Let\'s Encrypt).', true);
+			$this->installPackages('certbot');
 		} else {
-			ISPConfigLog::info('Letsencrypt installed.', true);
+			ISPConfigLog::info('Installing acme.sh (Let\'s Encrypt).', true);
+			$cmd = 'cd /tmp ; wget -O -  https://get.acme.sh 2>/dev/null | sh 2>/dev/null';
+			$result = $this->exec($cmd);
+			if($result === false) {
+				ISPConfigLog::warn('Installation of acme.sh (Let\'s Encrypt) failed.', true);
+			} else {
+				ISPConfigLog::info('acme.sh (Let\'s Encrypt) installed.', true);
+			}
 		}
 
 		$mailman_password = '';