diff --git a/test-server/configuration.nix b/test-server/configuration.nix
index d3f7915..ffc7e5b 100644
--- a/test-server/configuration.nix
+++ b/test-server/configuration.nix
@@ -104,6 +104,7 @@ in{
 restic
 hdparm
 wireguard-tools
+ openssl
 # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
 # wget
 ];
diff --git a/test-server/modules/nextcloud.nix b/test-server/modules/nextcloud.nix
index e0354cf..ee0ede4 100644
--- a/test-server/modules/nextcloud.nix
+++ b/test-server/modules/nextcloud.nix
@@ -1,6 +1,17 @@
 { config, pkgs, lib, inputs, ... }: {
- # Enable Nginx
+
+ age.secrets.nextcloud-cert = {
+ file = ../secrets/nextcloud-cert.age;
+ owner = "nginx";
+ group = "nginx";
+ };
+ age.secrets.nextcloud-key = {
+ file = ../secrets/nextcloud-key.age;
+ owner = "nginx";
+ group = "nginx";
+ };
+ # Enable Nginx
 services.nginx = {
 enable = true;
@@ -20,13 +31,14 @@
 ## Force HTTP redirect to HTTPS
 #forceSSL = true;
 #sslTrustedCertificate = "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt";
+ sslCertificate = config.age.secrets.nextcloud-cert.path ;
+ sslCertificateKey = config.age.secrets.nextcloud-key.path ;
 ## LetsEncrypt
 #enableACME = true;
 };
 };
 };
-
 age.secrets.nextcloud-admin = {
 file = ../secrets/nextcloud-admin.age;
 owner = "nextcloud";
diff --git a/test-server/secrets/nextcloud-cert.age b/test-server/secrets/nextcloud-cert.age
new file mode 100644
index 0000000..b24c888
Binary files /dev/null and b/test-server/secrets/nextcloud-cert.age differ
diff --git a/test-server/secrets/nextcloud-key.age b/test-server/secrets/nextcloud-key.age
new file mode 100644
index 0000000..86b83aa
Binary files /dev/null and b/test-server/secrets/nextcloud-key.age differ
diff --git a/test-server/secrets/secrets.nix b/test-server/secrets/secrets.nix
index 4fb3cff..8bb1ab5 100644
--- a/test-server/secrets/secrets.nix
+++ b/test-server/secrets/secrets.nix
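Review bot: `sslCertificate` and `sslCertificateKey` are added while `forceSSL` (and the `addSSL`/`onlySSL` alternatives) stays commented out directly above them, so unless one of those is enabled elsewhere in this vhost the NixOS nginx module will, as far as I recall, open no 443 listener and emit no `ssl_certificate` directives at all — the two new lines would then be inert and the Nextcloud vhost would keep serving plain HTTP with the key decrypted for nothing. Uncommenting the line that is already there, `forceSSL = true;`, next to the two new options is the smallest change that makes the certificate actually take effect. As a point of style, both added lines carry a stray space before the terminator (`...nextcloud-cert.path ;`); `sslCertificate = config.age.secrets.nextcloud-cert.path;` is the conventional form. The enclosing virtualHosts attribute set begins outside this hunk.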
@@ -8,6 +8,8 @@ in
 "github-runner-pw.age".publicKeys = [ nix-test-vm server ];
 "duckdns.age".publicKeys = [ nix-test-vm server ];
 "nextcloud-admin.age".publicKeys = [ nix-test-vm server ];
+ "nextcloud-cert.age".publicKeys = [ nix-test-vm server ];
+ "nextcloud-key.age".publicKeys = [ nix-test-vm server ];
 "restic-pw.age".publicKeys = [ nix-test-vm server ];
 "wireguard-private.age".publicKeys = [ nix-test-vm server ];
 }
diff --git a/test-server/secrets/selfsigned-cert.sh b/test-server/secrets/selfsigned-cert.sh
new file mode 100755
index 0000000..673a48b
--- /dev/null
+++ b/test-server/secrets/selfsigned-cert.sh
@@ -0,0 +1,2 @@
+#! /usr/bin/env bash
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ./nc-selfsigned.key -out ./nc-selfsigned.crt
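Review bot: The `openssl req` invocation on the new side passes neither `-subj` nor `-addext "subjectAltName=..."`, so the script prompts interactively for every DN field and produces a certificate without a SAN, which current browsers and most TLS clients reject even once the certificate is trusted. It also writes the unencrypted private key into the current directory — the version-controlled `secrets/` tree when run from there — with whatever umask the caller has, and nothing documents how `nc-selfsigned.key`/`.crt` are turned into the `nextcloud-key.age`/`nextcloud-cert.age` secrets that the other files in this commit reference. I would take the hostname as an argument, set a restrictive umask before the key is written, fail fast with `set -euo pipefail`, and add a header comment describing the agenix encryption step plus a `.gitignore` entry for the two plaintext outputs (note that `-addext` needs OpenSSL 1.1.1 or newer, which the `openssl` package added to configuration.nix in this commit should satisfy).

```shell
#! /usr/bin/env bash
# Usage: selfsigned-cert.sh <nextcloud-hostname>
# Produces nc-selfsigned.key / nc-selfsigned.crt in the current directory;
# encrypt them into nextcloud-key.age / nextcloud-cert.age and never commit the plaintext.
set -euo pipefail
host="${1:?usage: $0 <nextcloud-hostname>}"
umask 077   # key file must not be group/world readable, whatever openssl's default mode is
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
  -subj "/CN=${host}" -addext "subjectAltName=DNS:${host}" \
  -keyout ./nc-selfsigned.key -out ./nc-selfsigned.crt
```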