# How to add an SSL certificate?

## Prerequisites

* All prerequisites required for [RevDeBug Server installation](/revdebug/installing-revdebug-server.md)
* The server must have a Domain Name System (DNS) name set up
* Ports 80 and 443 must be open on the firewall

{% hint style="warning" %}
**Stop RevDeBug Server if it is running**
{% endhint %}

## To generate a Let’s Encrypt SSL certificate, execute the command below:

```bash
sudo docker run -it --rm --name certbot -p 80:80 -p 443:443 \
-v "/var/rdb/etc/letsencrypt:/etc/letsencrypt" \
-v "/var/rdb/var/lib/letsencrypt:/var/lib/letsencrypt" \
certbot/certbot certonly
```

{% hint style="info" %}
To minimize the impact of erroneously issued certificates, Let's Encrypt certificates expire every three months. You can also use another SSL certificate.
{% endhint %}

{% hint style="info" %}
Remember that the certificate file must contain the full certificate chain and be in PEM format. More on how to create this type of file [here](https://www.digicert.com/kb/ssl-support/pem-ssl-creation.htm).
{% endhint %}

### After executing the above docker command, you’ll need to provide answers to the following:

1. How would you like to authenticate with the ACME CA?
   * Select: Spin up a temporary webserver (standalone)
2. If you are doing this for the first time, you will need to provide your contact email and accept the terms and conditions.
3. Please enter the domain name(s) you would like on your certificate (comma and/or space separated)
   * You must specify the fully qualified server name (DNS), for example: **revdebug.company.com**
4. After the certificate has been generated successfully, you should see a message similar to the one below:

```text
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/[host_name]/fullchain.pem
Key is saved at: /etc/letsencrypt/live/[host_name]/privkey.pem
This certificate expires on [date].
These files will be updated when the certificate renews.
```

### After generating the certificate, work with the files:

* Change directory

```bash
cd /var/rdb/etc/letsencrypt/live/[your_dns_address]
```

* Copy the `fullchain.pem` and `privkey.pem` files to a location of your choice (default path is `/var/revdebug/cert`).\
  Commands to copy the files:

```bash
mkdir -p /var/revdebug/cert
cp fullchain.pem /var/revdebug/cert/[yourCert].crt
cp privkey.pem /var/revdebug/cert/[yourCert].key
```

{% hint style="info" %}
Both files must have the same name, each with the correct extension (**.crt** and **.key**).
{% endhint %}

### Table with description of the most important environment variables in .env for adding SSL certificates

| Name                        | Explanation                                                                                                                |
| --------------------------- | -------------------------------------------------------------------------------------------------------------------------- |
| `REVDEBUG_CERTIFICATE_PATH` | <p>Location of the SSL certificate files</p><p>e.g.: <code>/var/revdebug/cert</code></p>                                   |
| `REVDEBUG_CERTIFICATE_NAME` | <p>Name of the <strong>.crt</strong> and <strong>.key</strong> files in the certificate directory</p><p>e.g.: yourCert</p> |

* To change the default path where the certificates are located, you must also change the `REVDEBUG_CERTIFICATE_PATH` setting in the **.env** file.
* Remember to set the correct value of the `REVDEBUG_SERVER_NAME` variable in the **.env** file.

{% hint style="warning" %}
After enabling the options in the **.env** file, start RevDeBug Server and access its HTTPS address to verify the changes work.
{% endhint %}

{% hint style="warning" %}
The private key cannot be password protected.
{% endhint %}
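
A pre-flight check for the file requirements stated on this page (full chain in PEM format, `.crt` and `.key` under the same name, key without a password), given as an added example that is not part of RevDeBug's own tooling. The function names and return codes are assumptions made for this example; the optional `openssl` comparison confirms that the key belongs to the server certificate.

```bash
#!/usr/bin/env bash
# Added example (not RevDeBug code): pre-flight check of the certificate files.
# Arguments mirror REVDEBUG_CERTIFICATE_PATH and REVDEBUG_CERTIFICATE_NAME.
check_revdebug_cert() {
  local dir="$1" name="$2" crt key n
  crt="$dir/$name.crt"
  key="$dir/$name.key"

  # Both files must exist under the same base name.
  [ -f "$crt" ] || { echo "missing $crt" >&2; return 1; }
  [ -f "$key" ] || { echo "missing $key" >&2; return 1; }

  # A full chain holds the server certificate plus at least one intermediate.
  n=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$crt" || true)
  [ "$n" -ge 2 ] || { echo "$crt: $n certificate(s), full chain expected" >&2; return 2; }

  # Password-protected keys: PKCS#8 header or the legacy Proc-Type marker.
  if grep -Eq -- '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' "$key"; then
    echo "$key: private key is password protected" >&2; return 3
  fi
  grep -q -- '^-----BEGIN .*PRIVATE KEY-----' "$key" ||
    { echo "$key: no PEM private key found" >&2; return 4; }
  return 0
}

# Optional: confirm the key belongs to the first (server) certificate in the chain.
key_matches_cert() {
  local cert_pub key_pub
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run against real files only when directory and name are passed as arguments,
# e.g.: ./check-cert.sh /var/revdebug/cert yourCert
if [ "$#" -ge 2 ]; then
  check_revdebug_cert "$1" "$2" && key_matches_cert "$1/$2.crt" "$1/$2.key" &&
    echo "certificate files look usable"
fi
```
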

{% hint style="warning" %}
If you use certificates from an internal certificate authority (CA), the CA certificates must reside in **/var/revdebug/ca/** as separate **.crt** files, one for each root and intermediate CA that signed the RevDeBug server certificate.
{% endhint %}

{% hint style="warning" %}
If you are using **Kubernetes Monitoring** in RevDeBug, you need to switch the `insecure=true` parameter in the OTEL configuration file to `insecure=false`.
{% endhint %}

## Enabling the use of SSL on the application side:

## C\#

### Compiler

Set `<RevDeBugForceTLS>true</RevDeBugForceTLS>` in **Directory.Build.props**, for example:

{% code title="Directory.Build.props" %}

```xml
<Project>
  <PropertyGroup Condition="'$(RevDeBugDisableNuget)' != 'true'">
    <RevDeBugActive>true</RevDeBugActive>
    <UseRevDeBugOnThisProject>true</UseRevDeBugOnThisProject>
    <RevDeBugStateStorageType>CrashRecorder</RevDeBugStateStorageType>
    <SendToServer>true</SendToServer>
    <RecorderAddress>[host_name]</RecorderAddress>
    <RecorderTCPPort>42734</RecorderTCPPort>
    <RevDeBugForceTLS>true</RevDeBugForceTLS>
    <ImportGitInfo>true</ImportGitInfo>
  </PropertyGroup>
  <PropertyGroup Condition="'$(TargetFrameworkIdentifier)' != '.NETFramework'">
    <isNetCore>true</isNetCore>
  </PropertyGroup>
</Project>
```

{% endcode %}

### Agent APM

Set `"ForceTLS": true` in **skyapm.json**, for example:

{% code title="skyapm.json" %}

```json
{
  "SkyWalking": {
    "ServiceName": "ServiceName",
    "Namespace": "",
    "HeaderVersions": [
      "sw8"
    ],
    "Sampling": {
      "SamplePer3Secs": -1,
      "Percentage": -1.0
    },
    "Logging": {
      "Level": "Information",
      "FilePath": "logs\\skyapm-{Date}.log"
    },
    "Transport": {
      "Interval": 3000,
      "ProtocolVersion": "v8",
      "QueueSize": 30000,
      "BatchSize": 3000,
      "gRPC": {
        "Servers": "[host_name]:11800",
        "Timeout": 10000,
        "ConnectTimeout": 10000,
        "ReportTimeout": 600000,
        "ForceTLS": true
      }
    }
  }
}
```

{% endcode %}

{% hint style="danger" %}
You need to recompile/rebuild your application after those changes.
{% endhint %}

## Java

### Compiler

{% tabs %}
{% tab title="Maven" %}
Set `-AforceTLS=true` in **pom.xml**, for example:

{% code title="pom.xml" %}

```xml
<project>
  ...
  <plugins>
    <plugin>
      <groupId>org.apache.maven.plugins</groupId>
      <artifactId>maven-compiler-plugin</artifactId>
      <version>3.8.1</version>
      <configuration>
        <compilerArgs>
          <arg>-ArecordServerAddress=[host_name]</arg>
          <arg>-ArecordServerPort=42734</arg>
          <arg>-ArecordingMode=OnEvent</arg>
          <arg>-AapplicationName=[APP_NAME]</arg>
          <arg>-AsolutionName=[PROJECT_NAME]</arg>
          <arg>-AreleaseId=${git.commit.id}</arg>
          <arg>-AreleaseDisplayName=[DISPLAY_NAME]</arg>
          <arg>-ArepositoryPath=[STORAGE_PATH]</arg>
          <arg>-AuploadMetadata=true</arg>
          <arg>-AforceTLS=true</arg>
        </compilerArgs>
        <source>1.8</source>
        <target>1.8</target>
      </configuration>
    </plugin>
  </plugins>
  ...
</project>
```

{% endcode %}
{% endtab %}

{% tab title="Gradle" %}
Set `-AforceTLS=true` in **build.gradle**, for example:

{% code title="build.gradle" %}

```groovy
compileJava {
    options.compilerArgs = [
        "-ArecordServerAddress=[host_name]",
        "-ArecordServerPort=42734",
        "-ArecordingMode=OnEvent",
        "-AapplicationName=[APP_NAME]",
        "-AsolutionName=[PROJECT_NAME]",
        "-AreleaseId=[HASH_COMMIT]",
        "-AreleaseDisplayName=[DISPLAY_NAME]",
        "-ArepositoryPath=[STORAGE_PATH]",
        "-AuploadMetadata=true",
        "-AlogErrorClass=[LOG_CLASS]",
        "-AlogErrorMethod=[LOG_METHOD]",
        "-AREVDEBUG_TRACE_LOG_ERROR=true",
        "-AforceTLS=true"
    ]
}
```

{% endcode %}
{% endtab %}
{% endtabs %}

### Agent APM

Set `agent.force_tls` to `true` if your RevDeBug DevOps Monitor instance has been configured to work with an SSL certificate.

{% hint style="danger" %}
You need to recompile/rebuild your application after those changes.
{% endhint %}

## JavaScript

Set `"secure": true` in **revdebug.json**, for example:

{% code title="revdebug.json" %}

```json
{
  "host":         "[host_name]",
  "apm":          true,
  "mode":         "onevent",
  "solution":     "Node.js Application",
  "secure":       true
}
```

{% endcode %}

{% hint style="danger" %}
You need to recompile/rebuild your application after those changes.
{% endhint %}

## Python

Set `force_tls = 1` in **revdebug.cfg**, for example:

{% code title="revdebug.cfg" %}

```ini
solution        = Solution_Name
application     = App_Name
mode            = OnEvent
host            = [host_name]
apm             = 1
force_tls       = 1   # 0 or 1, whether the RevDeBug server uses a secure connection
```

{% endcode %}


