diff --git a/iptables/templates/iptables-rules.v4.j2 b/iptables/templates/iptables-rules.v4.j2
index f28fb135..22153079 100644
--- a/iptables/templates/iptables-rules.v4.j2
+++ b/iptables/templates/iptables-rules.v4.j2
@@ -41,6 +41,9 @@
 -A INPUT -s {{ network.nmis }} -j ACCEPT
 -A INPUT -s {{ network.eduroam }} -j ACCEPT
 {% endif %}
+{% if letsencrypt_acme_install is defined and letsencrypt_acme_install %}
+-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
+{% endif %}
 {% if http_port is defined %}
 # http
 {% if http_allowed_hosts is defined %}