diff --git a/2.Common_services/7.letsencrypt/0_setup.sh b/2.Common_services/7.letsencrypt/0_setup.sh
new file mode 100644
index 0000000000000000000000000000000000000000..c1408497e695fb47f989aa73bcac831cc9465ae4
--- /dev/null
+++ b/2.Common_services/7.letsencrypt/0_setup.sh
@@ -0,0 +1,63 @@
+# waiting for go
+exit 0
+
+trap "cp /tmp/{mediaserver-msuser.conf,skyreach.conf,msmonitor.conf} /etc/nginx/sites-available/; exit 255" ERR
+source /root/envsetup/global-conf.sh
+LE_DIR="/etc/letsencrypt/live/"
+
+# GET LETSENCRYPT
+sudo apt-get update
+sudo apt-get install software-properties-common
+sudo add-apt-repository ppa:certbot/certbot
+sudo apt-get update
+sudo apt-get install python-certbot-nginx
+
+cd /etc/nginx/sites-available/
+
+# BACKUP
+cp mediaserver-msuser.conf skyreach.conf msmonitor.conf /tmp/
+
+# PREPARE LETSENCRYPT REQUEST STRING
+# ALTER NGINX CONF TO ACCEPT CLEAR HTTP
+DOMAIN_STRING="${MS_SERVER_NAME}" && \
+	sed -i s/rewrite/#rewrite/ mediaserver-msuser.conf
+[ -n "${CM_SERVER_NAME}" ] && \
+	DOMAIN_STRING="${DOMAIN_STRING},${CM_SERVER_NAME}" && \
+	sed -i s/rewrite/#rewrite/ skyreach.conf
+[ -n "${MONITOR_SERVER_NAME}" ] && \
+	DOMAIN_STRING="${DOMAIN_STRING},${MONITOR_SERVER_NAME}" && \
+	sed -i s/rewrite/#rewrite/ msmonitor.conf
+
+set -e
+nginx -t && \
+	service nginx reload
+
+# ASKS FOR CERTS TO LETSENCRYPT
+mkdir -p /tmp/letsencrypt
+for domain in $MS_SERVER_NAME $CM_SERVER_NAME $MONITOR_SERVER_NAME; do
+	certbot certonly \
+		--webroot --webroot-path /tmp/letsencrypt \
+		--domains "${DOMAIN_STRING}" \
+		--email "${EMAIL_ADMINS}" \
+		--rsa-key-size 4096	
+done
+
+# RE-REDIRECT HTTP to HTTPS
+sed -i s/rewrite/#rewrite/ mediaserver-msuser.conf skyreach.conf msmonitor.conf
+
+# CHECK CERTS PRESENCE & EDIT NGINX CONFIG
+set +e
+[ -f ${LE_DIR}/${MS_SERVER_NAME}/{fullchain.pem,privkey.pem} ] && \
+	sed -i s/#ssl_certificate/ssl_certificate/g mediaserver-msuser.conf
+
+[ -f ${LE_DIR}/${CM_SERVER_NAME}/{fullchain.pem,privkey.pem} ] && \
+	sed -i s/#ssl_certificate/ssl_certificate/g skyreach.conf
+
+[ -f ${LE_DIR}/${MONITOR_SERVER_NAME}/{fullchain.pem,privkey.pem} ] && \
+	sed -i s/#ssl_certificate/ssl_certificate/g msmonitor.conf
+
+# RELOAD NGINX IF CONF IS CORRECT
+nginx -t && \
+	service nginx reload
+rm /tmp/{mediaserver-msuser.conf,skyreach.conf,msmonitor.conf}
+cd -
\ No newline at end of file