# ⚠️ Advanced users

## Generating an SSL Certificate for Nestri Relay

This guide is for developers and advanced users who wish to self-host Nestri Relay. We strongly discourage this setup for general users due to its complexity, particularly when it comes to configuring SSL certificates correctly. Using a self-signed certificate or manually generating certificates can lead to issues with browser compatibility and security warnings, making it difficult to ensure a smooth experience.

For most users, we highly recommend using the **Nestri-hosted Relay**, which requires no manual setup and is ready to use out of the box.

---

## Generating an SSL Certificate Using Terraform

If you still wish to proceed with self-hosting, we recommend using Terraform to generate a valid SSL certificate. This method provides a secure, automated way to obtain the necessary certificates for Nestri Relay.

### Usage

1. **Update the `terraform.tfvars`** file with your domain and email.
2. Run the following command to initialize the Terraform working directory:
   
   ```bash
   terraform init
   ```
   ```bash
   terraform plan
   ```
   ```bash
   terraform apply
   ```
The configuration provides two sensitive outputs:
```bash
certificate_pem: The full certificate chain
private_key_pem: The private key for the certificate
```

These can be then be used in your `moq-relay` as it requires SSL/TLS certificates.

## Note
The generated certificate and key files are saved locally and ignored by git:
```git
.terraform
relay_*
```