> ## Documentation Index
> Fetch the complete documentation index at: https://docs.agno.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Add HTTPS

> Add a custom domain and SSL certificate

HTTPS is required to connect your AgentOS to os.agno.com.

## Overview

1. Register a domain (or use an existing one)
2. Create an SSL certificate in AWS ACM
3. Configure your load balancer to use HTTPS

## Step 1: Set Up Your Domain

Register your domain with [Route 53](https://us-east-1.console.aws.amazon.com/route53/) or use an existing domain.

Create an A record pointing to your load balancer:

| Record               | Type      | Value             |
| -------------------- | --------- | ----------------- |
| `api.yourdomain.com` | A (Alias) | Your ALB DNS name |

<img src="https://mintcdn.com/agno-v2/yeT29TzCG5roT0hQ/images/llm-app-aidev-run.png?fit=max&auto=format&n=yeT29TzCG5roT0hQ&q=85&s=2387492f4fa89cab98e2a603da83535b" alt="Route 53 A record configuration" width="1081" height="569" data-path="images/llm-app-aidev-run.png" />

## Step 2: Create SSL Certificate

<Steps>
  <Step title="Request certificate">
    Go to [AWS ACM](https://us-east-1.console.aws.amazon.com/acm) and request a certificate for your domain (e.g., `*.yourdomain.com` or `api.yourdomain.com`).

    <img src="https://mintcdn.com/agno-v2/yeT29TzCG5roT0hQ/images/llm-app-request-cert.png?fit=max&auto=format&n=yeT29TzCG5roT0hQ&q=85&s=15b580029369ef5c8039bddfad4be52d" alt="AWS ACM request certificate" width="1105" height="581" data-path="images/llm-app-request-cert.png" />
  </Step>

  <Step title="Validate the certificate">
    Choose DNS validation. ACM will provide CNAME records to add to Route 53.

    Click "Create records in Route 53" to add them automatically.

    <img src="https://mintcdn.com/agno-v2/yeT29TzCG5roT0hQ/images/llm-app-validate-cert.png?fit=max&auto=format&n=yeT29TzCG5roT0hQ&q=85&s=4291826e3abd20126daf4e1bbd42c0a3" alt="AWS ACM certificate validation" width="1322" height="566" data-path="images/llm-app-validate-cert.png" />

    <Note>
      Certificate validation takes 5-30 minutes. Wait until status shows "Issued".
    </Note>
  </Step>

  <Step title="Copy the certificate ARN">
    Once issued, copy the ARN. It looks like:

    ```
    arn:aws:acm:us-east-1:[ACCOUNT_ID]:certificate/[CERTIFICATE_ID]
    ```
  </Step>
</Steps>

## Step 3: Configure Load Balancer

<Steps>
  <Step title="Update prd_resources.py">
    Add the certificate ARN:

    ```python infra/prd_resources.py theme={null}
    prd_fastapi = FastApi(
        ...
        load_balancer_enable_https=True,
        load_balancer_certificate_arn="arn:aws:acm:us-east-1:[ACCOUNT_ID]:certificate/[CERTIFICATE_ID]",
    )
    ```
  </Step>

  <Step title="Create HTTPS listener">
    <CodeGroup>
      ```bash Full Options theme={null}
      ag infra up --env prd --infra aws --name listener
      ```

      ```bash Shorthand theme={null}
      ag infra up prd:aws::listener
      ```
    </CodeGroup>
  </Step>

  <Step title="Redirect HTTP to HTTPS">
    <CodeGroup>
      ```bash Full Options theme={null}
      ag infra patch --env prd --infra aws --name listener
      ```

      ```bash Shorthand theme={null}
      ag infra patch prd:aws::listener
      ```
    </CodeGroup>

    All HTTP requests now redirect to HTTPS.
  </Step>
</Steps>

## Verify HTTPS Works

```bash theme={null}
curl https://api.yourdomain.com/health
```

Should return:

```json theme={null}
{"status": "ok", "instantiated_at": "..."}
```

## Troubleshooting

| Issue                               | Solution                                            |
| ----------------------------------- | --------------------------------------------------- |
| Certificate not validating          | Check CNAME records in Route 53, wait up to 30 min  |
| Certificate not showing in dropdown | Must be in same region as load balancer (us-east-1) |
| HTTPS not working after setup       | Run `ag infra patch prd:aws::listener` again        |