# Setup SSL on Web UI

To enable the ssl to web portal, you can use free certificate from letsencrypt.  To use the free letsencrypt ssl certificate, you can user cerbot.  Cerbot is a bot-like plugin which uses letsencrypt to get ssl certificate.  "certbot-nginx" is a plugin for the certbot  for automate renewal of SSL certificate using on nginx.  A standard free letsencrypt expires every 90 days, so the purpose of "cerbot" is to automatically renew the letsencrypt every 90 days.

The package for cerbot is :

```
python2-certbot-nginx.noarch
```

Here is the command:

```
command is yum -y install python2-cerbot-nginx
```

The following config file is an example for the manual ssl setup for using letsencrypt.  If you are  using cerbot, only thing you need is to change/set server\_name in /etc/nginx/conf.d/denovo.conf

{% code title="" %}

```
    server_name  localhost;    <---- change this to your domain name.
```

{% endcode %}

After you edit /etc/nginx/conf.d/denovo.conf and replace domain name with chosen domain name , you should run the command:

`certbot` &#x20;

You will be presented with wizard which will help you setup an letsencrypt account and  create a fre ssl for you.  this is free  ssl certificate which is valid for 90 days so some 2 weeks before certificate expires, you will be able to renew it by using command:

`certbot renew`

If you are not using cerbot, but you manually generate, or buy  SSL certificates you need to modify nginx config and  set it up manually.  This is the config you should refer to.

```
server {

    #listen       80;
    server_name  localhost;      <---- changing domain name to your domain name                      
    root         /opt/denovo_v6/web;
    index       index.html index.htm;
    client_max_body_size 320m;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
    try_files $uri $uri/ @rewrites;
    }

    location @rewrites {
    rewrite ^(.+)$ /index.html last;
    }


    error_page 404 /404.html;
        location = /40x.html {
    }

    error_page 500 502 503 504 /50x.html;
        location = /50x.html {
    }

    listen  443 ssl;      <------- Add SSL listen directive
    ssl_certificate /path/to/ssl/certificate.crt ;   <------- Add path to your cert file
    ssl_certificate_key /path/to/ssl/certificate_key;  <------ Add path to your cert key file
}
```

## Next step

After switching to domain name and choosing **https**, you would also need to edit **api.ini** and change schema and hostname there.

{% hint style="info" %}
**The default path for api.ini is /opt/denovo*****v6/api\_dnl/api.ini***
{% endhint %}

The variables to update are:

* **api\_schema**&#x20;
* **api\_host**

/![](/files/pUtwVJ8Ca6fBXrfBuCth)

Then, you can restart api using the following command:

```
systemctl restart dnl_api_dnl
```

## Auto Renew SSL Certificate

The lescrypt SSL certificate expires every 90 days.  You may want to set it to auto renew by using crontab.  The crontab command is as follows:

```
0 0,12 * * * root python3 -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://cookbook.denovolab.com/installation/setup-ssl-on-web-ui.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.