# Get SSL certificate (optional)

If the Authoring Platform is a public-facing instance, serving it over secure HTTP is a must. For such cases, we provide a pre-configured environment and a convenience script to acquire the necessary SSL certificate.

SSL certificate retrieval and renewal are managed by [certbot](https://certbot.eff.org/), the official ACME client recommended by [Let's Encrypt](https://letsencrypt.org/).

To obtain an SSL certificate, the following requirements must be met:

* docker and docker-compose are installed
* the server instance has a public IP address
* a DNS A record is configured for the desired domain name routing to the server's IP address

For the sake of example, let's say the target domain name is `snow-owl.b2ihealthcare.com`.

Go to the sub-folder called `./snow-owl/docker/configs/cert`. Make sure the `init-certificate.sh` script is executable, then display its help to see the available parameters:

```
[root@host]# pwd
/opt/snow-owl/docker/configs/cert
[root@host]# chmod +x init-certificate.sh
[root@host]# ./init-certificate.sh -h
  DESCRIPTION:

     Get certificate for the specified domain name using Let's Encrypt and certbot

  OPTIONS:
     -h
        Show this help
     -d domain
        Define the domain name to get the certificate for
     -e email (optional)
        The email address to use for the certificate registration

  EXAMPLES:

     ./init-certificate.sh -d mywebsite.com -e example@mail.com

     ./init-certificate.sh -d example.com

```

As you can see `-d` is used for specifying the domain name, and `-e` is used for specifying a contact email address (optional). Now execute the script with our example parameters:

{% hint style="warning" %}
Script execution will overwrite the files `./snow-owl/docker/docker-compose.yml` and `./snow-owl/docker/configs/nginx/nginx.conf`. If you have modified either file, make a note of your changes before running the script.
{% endhint %}

```bash
./init-certificate.sh -d snow-owl.b2ihealthcare.com -e domain@b2ihealthcare.com
```

After successful execution, a new folder called `./snow-owl/cert` is created, which contains all the certificate files required by NGINX. The `docker-compose.yml` file is also amended with a section that takes care of automatic certificate renewal:

```yaml
  nginx:
    image: nginx:stable
    container_name: nginx
    volumes:
      - ./configs/nginx/conf.d/:/etc/nginx/conf.d/
      - ./configs/nginx/nginx.conf:/etc/nginx/nginx.conf
      - ${CERT_FOLDER}/conf:/etc/letsencrypt
      - ${CERT_FOLDER}/www:/var/www/certbot
    depends_on:
      - snowowl
    ports:
      - "80:80"
      - "443:443"
    # Reload nginx config every 6 hours and restart
    command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
    restart: unless-stopped
  certbot:
    image: certbot/certbot:latest
    container_name: certbot
    volumes:
      - ${CERT_FOLDER}/conf:/etc/letsencrypt
      - ${CERT_FOLDER}/www:/var/www/certbot
    # Check for SSL cert renewal every 12 hours
    entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
    restart: unless-stopped
```
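To confirm that the renewal loop above is actually keeping the certificate fresh, the certificate file on disk can be checked with `openssl`. The script below is an added example and not part of the Snow Owl distribution; the file name `check-cert.sh`, the 20-day threshold and the certificate path (certbot's standard `live/<domain>/fullchain.pem` layout under `${CERT_FOLDER}/conf`) are assumptions.

```bash
#!/usr/bin/env bash
# Added example: report whether the certificate on disk is being renewed.
# Usage (path is an assumption based on certbot's standard layout):
#   ./check-cert.sh "${CERT_FOLDER}/conf/live/snow-owl.b2ihealthcare.com/fullchain.pem" 20

# cert_status FILE [MIN_DAYS]
# Prints one word and returns: OK=0, RENEWAL_OVERDUE=1, EXPIRED=2,
# MISSING or UNREADABLE=3. MIN_DAYS (default 20, an illustrative value) should
# stay below certbot's renewal window so that a healthy loop never trips it.
cert_status() {
    local cert=$1 min_days=${2:-20}

    [ -r "$cert" ] || { echo MISSING; return 3; }

    # Parse first so a corrupt file is not mistaken for an expired certificate.
    openssl x509 -in "$cert" -noout >/dev/null 2>&1 || { echo UNREADABLE; return 3; }

    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo EXPIRED; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo RENEWAL_OVERDUE; return 1
    fi
    echo OK
}

# Run the check only when a certificate path is given on the command line.
if [ "$#" -gt 0 ]; then
    cert_status "$@"
fi
```

The check reads the file on disk; NGINX starts serving a renewed certificate only after its next 6-hour reload.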

At this point, everything is prepared for secure HTTP. Let's see what else needs to be configured before spinning up the service.

