diff --git a/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb b/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb
index 3413a9e4612..58f795e639e 100644
--- a/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb
+++ b/app/services/pages_domains/obtain_lets_encrypt_certificate_service.rb
@@ -2,6 +2,14 @@
 
 module PagesDomains
   class ObtainLetsEncryptCertificateService
+    # time for processing validation requests for acme challenges
+    # 5-15 seconds is usually enough
+    CHALLENGE_PROCESSING_DELAY = 1.minute.freeze
+
+    # time LetsEncrypt ACME server needs to generate the certificate
+    # no particular SLA, usually takes 10-15 seconds
+    CERTIFICATE_PROCESSING_DELAY = 1.minute.freeze
+
     attr_reader :pages_domain
 
     def initialize(pages_domain)
@@ -14,6 +22,7 @@ module PagesDomains
 
       unless acme_order
         ::PagesDomains::CreateAcmeOrderService.new(pages_domain).execute
+        PagesDomainSslRenewalWorker.perform_in(CHALLENGE_PROCESSING_DELAY, pages_domain.id)
         return
       end
 
@@ -23,6 +32,7 @@ module PagesDomains
       case api_order.status
       when 'ready'
         api_order.request_certificate(private_key: acme_order.private_key, domain: pages_domain.domain)
+        PagesDomainSslRenewalWorker.perform_in(CERTIFICATE_PROCESSING_DELAY, pages_domain.id)
       when 'valid'
         save_certificate(acme_order.private_key, api_order)
         acme_order.destroy!
diff --git a/config/initializers/1_settings.rb b/config/initializers/1_settings.rb
index 4b0bb86e42a..9e74a67b73f 100644
--- a/config/initializers/1_settings.rb
+++ b/config/initializers/1_settings.rb
@@ -368,7 +368,7 @@ Settings.cron_jobs['pages_domain_removal_cron_worker']['cron'] ||= '47 0 * * *'
 Settings.cron_jobs['pages_domain_removal_cron_worker']['job_class'] = 'PagesDomainRemovalCronWorker'
 
 Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker'] ||= Settingslogic.new({})
-Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/5 * * * *'
+Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['cron'] ||= '*/10 * * * *'
 Settings.cron_jobs['pages_domain_ssl_renewal_cron_worker']['job_class'] = 'PagesDomainSslRenewalCronWorker'
 
 Settings.cron_jobs['issue_due_scheduler_worker'] ||= Settingslogic.new({})
diff --git a/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb b/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb
index d5f77f3354b..8d43ce4f662 100644
--- a/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb
+++ b/spec/services/pages_domains/obtain_lets_encrypt_certificate_service_spec.rb
@@ -34,8 +34,12 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do
   end
 
   context 'when there is no acme order' do
-    it 'creates acme order' do
+    it 'creates acme order and schedules next step' do
       expect_to_create_acme_challenge
+      expect(PagesDomainSslRenewalWorker).to(
+        receive(:perform_in).with(described_class::CHALLENGE_PROCESSING_DELAY, pages_domain.id)
+          .and_return(nil).once
+      )
 
       service.execute
     end
@@ -82,8 +86,12 @@ describe PagesDomains::ObtainLetsEncryptCertificateService do
       stub_lets_encrypt_order(existing_order.url, 'ready')
     end
 
-    it 'request certificate' do
+    it 'request certificate and schedules next step' do
       expect(api_order).to receive(:request_certificate).and_call_original
+      expect(PagesDomainSslRenewalWorker).to(
+        receive(:perform_in).with(described_class::CERTIFICATE_PROCESSING_DELAY, pages_domain.id)
+          .and_return(nil).once
+      )
 
       service.execute
     end