diff --git a/install.sh b/install.sh
index 53a5e1ba..f596228a 100755
--- a/install.sh
+++ b/install.sh
@@ -129,24 +129,46 @@ fi
 echo -ne "${YELLOW}Create a username for meshcentral${NC}: "
 read meshusername
-while [[ $letsemail != *[@]*[.]* ]]
-do
-echo -ne "${YELLOW}Enter a valid email address for let's encrypt renewal notifications and meshcentral${NC}: "
-read letsemail
-done
-
-print_green 'Getting wildcard cert'
-
 sudo apt install -y software-properties-common
 sudo apt update
-sudo apt install -y certbot
+sudo apt install -y certbot openssl
 
-sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
-while [[ $? -ne 0 ]]
-do
-sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
+until [[ $LETS_ENCRYPT =~ (y|n) ]]; do
+ echo -ne "${YELLOW}Do you want to generate a Let's Encrypt certificate?[y,n]${NC}: "
+ read LETS_ENCRYPT
 done
+if [[ $LETS_ENCRYPT == "y" ]]; then
+
+ while [[ $letsemail != *[@]*[.]* ]]
+ do
+ echo -ne "${YELLOW}Enter a valid email address for let's encrypt renewal notifications and meshcentral${NC}: "
+ read letsemail
+ done
+
+ print_green 'Getting wildcard cert'
+
+ sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
+ while [[ $? -ne 0 ]]
+ do
+ sudo certbot certonly --manual -d *.${rootdomain} --agree-tos --no-bootstrap --manual-public-ip-logging-ok --preferred-challenges dns -m ${letsemail} --no-eff-email
+ done
+
+ CERT_PRIV_KEY=/etc/letsencrypt/live/${rootdomain}/privkey.pem
+ CERT_PUB_KEY=/etc/letsencrypt/live/${rootdomain}/fullchainkey.pem
+
+else
+ echo -ne "\n${GREEN}We will generate a self-signed certificate for you.${NC}\n"
+ echo "\n${GREEN}You can replace this certificate later by generating the certificates and editting the nginx configuration\n"
+ sudo mkdir /certs
+ sudo mkdir /certs/${rootdomain}
+ sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes -out /certs/${rootdomain}/pubkey.pem -keyout /certs/${rootdomain}/privkey.pem -subj "/C=US/ST=Some-State/L=city/O=Internet Widgits Pty Ltd/CN=*.${rootdomain}"
+
+ CERT_PRIV_KEY=/certs/${rootdomain}/privkey.pem
+ CERT_PUB_KEY=/certs/${rootdomain}/pubkey.pem
+
+fi
+
 print_green 'Creating saltapi user'
 sudo adduser --no-create-home --disabled-password --gecos "" saltapi
@@ -410,8 +432,8 @@ server {
 client_max_body_size 300M;
 access_log /rmm/api/tacticalrmm/tacticalrmm/private/log/access.log;
 error_log /rmm/api/tacticalrmm/tacticalrmm/private/log/error.log;
- ssl_certificate /etc/letsencrypt/live/${rootdomain}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${rootdomain}/privkey.pem;
+ ssl_certificate ${CERT_PUB_KEY};
+ ssl_certificate_key ${CERT_PRIV_KEY};
 ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
 location /static/ {
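Review bot: `CERT_PUB_KEY=/etc/letsencrypt/live/${rootdomain}/fullchainkey.pem` names a file certbot does not write — the lines this commit removes in the nginx hunks (@@ -410, @@ -469, @@ -716) used `fullchain.pem`, so on the Let's Encrypt path all three `ssl_certificate` directives point at a missing file and nginx fails to start; change it to `CERT_PUB_KEY=/etc/letsencrypt/live/${rootdomain}/fullchain.pem`. The prompt guard `until [[ $LETS_ENCRYPT =~ (y|n) ]]` is unanchored, so answers such as `yes` or `none` leave the loop and then land in the self-signed branch because only a bare `y` passes the `==` test below; use `until [[ $LETS_ENCRYPT =~ ^[yn]$ ]]; do`. In the self-signed branch the wildcard appears only in the CN with no subjectAltName, which current TLS clients ignore for hostname matching, so the certificate fails validation even once an operator trusts it, and the unquoted `-d *.${rootdomain}` passed to certbot is subject to glob expansion if a matching file exists in the working directory. The key file and `/certs` directory are left at whatever mode `sudo mkdir` and openssl default to; the excerpt below adds the SAN, quotes the paths, and sets the modes explicitly (`mkdir -p` also lets a re-run survive an existing directory). The second `echo` in that branch lacks `-e` and a closing `${NC}`, so its `\n` prints literally and the terminal is left green.
```shell
else
  echo -ne "\n${GREEN}We will generate a self-signed certificate for you.${NC}\n"
  echo -ne "\n${GREEN}You can replace this certificate later by generating the certificates and editting the nginx configuration${NC}\n"
  sudo mkdir -p "/certs/${rootdomain}"
  sudo chmod 700 /certs "/certs/${rootdomain}"
  # SAN is required for hostname validation; CN alone is ignored by modern clients (needs OpenSSL 1.1.1+ for -addext)
  sudo openssl req -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \
    -out "/certs/${rootdomain}/pubkey.pem" -keyout "/certs/${rootdomain}/privkey.pem" \
    -subj "/C=US/ST=Some-State/L=city/O=Internet Widgits Pty Ltd/CN=*.${rootdomain}" \
    -addext "subjectAltName=DNS:*.${rootdomain}"
  sudo chmod 600 "/certs/${rootdomain}/privkey.pem"
  # … unchanged: CERT_PRIV_KEY / CERT_PUB_KEY assignments …
```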
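Review bot: `ssl_certificate ${CERT_PUB_KEY};` and `ssl_certificate_key ${CERT_PRIV_KEY};` are interpolated with no check that the two variables are set, so if the prompt block earlier in the script is skipped or a variable name drifts, nginx receives an empty directive and the failure surfaces at reload time, far from its cause; a fail-fast guard before the config is written, `: "${CERT_PUB_KEY:?cert path not set}" "${CERT_PRIV_KEY:?key path not set}"`, pins the error to the install step. The same pair of lines is written in the @@ -469 and @@ -716 hunks and is covered by the one guard. The enclosing heredoc starts and ends outside this hunk, so whether it is unquoted (and therefore expands these variables at all) cannot be confirmed from here.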
@@ -469,8 +491,8 @@ server {
 proxy_send_timeout 330s;
 proxy_read_timeout 330s;
 server_name ${meshdomain};
- ssl_certificate /etc/letsencrypt/live/${rootdomain}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${rootdomain}/privkey.pem;
+ ssl_certificate ${CERT_PUB_KEY};
+ ssl_certificate_key ${CERT_PRIV_KEY};
 ssl_session_cache shared:WEBSSL:10m;
 ssl_ciphers HIGH:!aNULL:!MD5;
 ssl_prefer_server_ciphers on;
@@ -716,8 +738,8 @@ server {
 access_log /var/log/nginx/frontend-access.log;
 listen 443 ssl;
- ssl_certificate /etc/letsencrypt/live/${rootdomain}/fullchain.pem;
- ssl_certificate_key /etc/letsencrypt/live/${rootdomain}/privkey.pem;
+ ssl_certificate ${CERT_PUB_KEY};
+ ssl_certificate_key ${CERT_PRIV_KEY};
 ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
 }