> For the complete documentation index, see [llms.txt](https://documentation.hak5.org/cloud-c2/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://documentation.hak5.org/cloud-c2/guides/lets-encrypt-ssl-configuration-and-device-enrollment.md). # Let's Encrypt SSL configuration and device enrollment ## VIDEO GUIDE {% embed url="" %} ## CONFIGURING SSL WITH A LET'S ENCRYPT TLS CERTIFICATE Generally 1. Add an A record for your domain to your VPS IP address 2. Add the `-https` parameter to the Cloud C² binary and set the -hostname flag to the fully qualified domain name. For example: ``` sudo ./c2-3.2.0_amd64_linux -hostname example.com -https ``` {% hint style="warning" %} remember to specify the right architecture and version {% endhint %} {% hint style="info" %} From version 3.0.0 onward all, Cloud C² editions (Community, Edition, Teams) use the same binary. Filenames for Cloud C² will differ from example — however all parameters remain the same. {% endhint %} ## ADDING DEVICES Depending on which device you're using, this file will go in a different place. See this article on [Adding Devices to Cloud C²](/cloud-c2/getting-started/adding-devices.md) for more details - but generally: * WiFi Pineapple – put `device.config` in `/etc/` * LAN Turtle – put `device.config` in `/etc/` * Packet Squirrel – put `device.config` in `/etc/` * Signal Owl – put `device.config` in `/etc/` and use `C2CONNECT` in your payload * Shark Jack – put `device.config` in `/etc/` and use `C2CONNECT` in your payload * Screen Crab – put `device.config` on the root of the SD card * Key Croc – put `device.config` on the root of the KeyCroc disk from arming mode Generally, once the device is online it'll connect back to Cloud C² and you'll be able to interact with it from the dashboard. The exception to this is the Shark Jack and Signal Owl, which require the command `C2CONNECT` in the payload to initialize the connection. Likewise, run the `C2DISCONNECT` command to cut the connection. This is by design so that you aren't inadvertently connecting to your Cloud C² instance from every Shark Jack payload you run, as an example. Many devices support the `C2NOTIFY` and `C2EXFIL` commands to send notifications and exfiltrate loot. The `C2EXFIL` command must be run for each file uploaded to the Cloud C² server. When exfiltrating text files, you'll want to add the `STRING` option in order to make it viewable from the dashboard. For example, `C2EXFIL STRING /root/loot/file.txt MyPayloadName`. {% hint style="info" %} The payload name is optional, but helpful when multiple payloads run. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://documentation.hak5.org/cloud-c2/guides/lets-encrypt-ssl-configuration-and-device-enrollment.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.