How do I obtain a certificate for a hidden service?

How do I obtain a certificate for a hidden service?Just like getting HTTPS certificates. Do you have any sample code?

Take a look at this article by @kushaldas : Get a TLS certificate for your onion service

(also see: Tor Project | HTTPS for your onion service)


I have attached a complete nginx config and torrc which uses unix sockets.

Unfortunately, the files are not accepted when uploading. Therefore here the link:


To make sure that nginx restarts correctly, you have to create the file override.conf in the folder /etc/systemd/system/nginx.service.d/ and add the following content:

ExecStop=-/sbin/start-stop-daemon \
         --quiet \
         --stop \
         --retry TERM/5 \
         --pidfile /run/
1 Like

One more important piece of info. In my nginx config is a section request_method which ensures that only GET and HEAD is allowed. If you need more, like PUT or POST etc you have to add that.

1 Like