diff --git a/docker/letsencrypt/Dockerfile.j2 b/docker/letsencrypt/Dockerfile.j2
new file mode 100644
index 0000000000..8e245b480b
--- /dev/null
+++ b/docker/letsencrypt/Dockerfile.j2
@@ -0,0 +1,29 @@
+FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }}
+LABEL maintainer="{{ maintainer }}" name="{{ image_name }}"
+
+{% block letsencrypt_header %}{% endblock %}
+
+{% import "macros.j2" as macros with context %}
+
+{# NOTE(jkirsch): EPEL required for lego #}
+{{ macros.enable_extra_repos(['epel']) }}
+
+{% if base_package_type == 'rpm' %}
+    {% set letsencrypt_packages = [
+        'certbot',
+        'cronie'
+    ] %}
+{% elif base_package_type == 'deb' %}
+    {% set letsencrypt_packages = [
+        'certbot',
+        'cron'
+    ] %}
+{% endif %}
+{{ macros.install_packages(letsencrypt_packages | customizable("packages")) }}
+
+
+COPY extend_start.sh /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start
+
+{% block letsencrypt_footer %}{% endblock %}
+{% block footer %}{% endblock %}
diff --git a/docker/letsencrypt/extend_start.sh b/docker/letsencrypt/extend_start.sh
new file mode 100644
index 0000000000..420c96028b
--- /dev/null
+++ b/docker/letsencrypt/extend_start.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+if [[ ! -d "/var/log/kolla/letsencrypt" ]]; then
+    mkdir -p /var/log/kolla/letsencrypt
+fi
+if [[ $(stat -c %a /var/log/kolla/letsencrypt) != "755" ]]; then
+    chmod 755 /var/log/kolla/letsencrypt
+fi
+
+. /usr/local/bin/kolla_httpd_setup
diff --git a/kolla/common/config.py b/kolla/common/config.py
index 4696662350..25e5821329 100755
--- a/kolla/common/config.py
+++ b/kolla/common/config.py
@@ -58,6 +58,7 @@ _PROFILE_OPTS = [
                     'keepalived',
                     'kibana',
                     'kolla-toolbox',
+                    'letsencrypt',
                     'logstash',
                     'mariadb',
                     'memcached',
@@ -946,6 +947,10 @@ USERS = {
     'proxysql-user': {
         'uid': 42487,
         'gid': 42487,
+    },
+    'letsencrypt-user': {
+        'uid': 42488,
+        'gid': 42488,
     }
 }
 
diff --git a/releasenotes/notes/bp-letsencrypt-https-b3245976c513f99b.yaml b/releasenotes/notes/bp-letsencrypt-https-b3245976c513f99b.yaml
new file mode 100644
index 0000000000..80e0f1bcaf
--- /dev/null
+++ b/releasenotes/notes/bp-letsencrypt-https-b3245976c513f99b.yaml
@@ -0,0 +1,4 @@
+---
+features:
+  - |
+    Adds containers for integration with Let's Encrypt.