Skip to main content
HTTPS is required to connect your AgentOS to os.agno.com.

Overview

  1. Register a domain (or use an existing one)
  2. Create an SSL certificate in AWS ACM
  3. Configure your load balancer to use HTTPS

Step 1: Set Up Your Domain

Register your domain with Route 53 or use an existing domain. Create an A record pointing to your load balancer:
RecordTypeValue
api.yourdomain.comA (Alias)Your ALB DNS name
Route 53 A record configuration

Step 2: Create SSL Certificate

1

Request certificate

Go to AWS ACM and request a certificate for your domain (e.g., *.yourdomain.com or api.yourdomain.com).AWS ACM request certificate
2

Validate the certificate

Choose DNS validation. ACM will provide CNAME records to add to Route 53.Click “Create records in Route 53” to add them automatically.AWS ACM certificate validation
Certificate validation takes 5-30 minutes. Wait until status shows “Issued”.
3

Copy the certificate ARN

Once issued, copy the ARN. It looks like:
arn:aws:acm:us-east-1:[ACCOUNT_ID]:certificate/[CERTIFICATE_ID]

Step 3: Configure Load Balancer

1

Update prd_resources.py

Add the certificate ARN:
infra/prd_resources.py
prd_fastapi = FastApi(
    ...
    load_balancer_enable_https=True,
    load_balancer_certificate_arn="arn:aws:acm:us-east-1:[ACCOUNT_ID]:certificate/[CERTIFICATE_ID]",
)
2

Create HTTPS listener

ag infra up prd:aws:::listener
3

Redirect HTTP to HTTPS

ag infra patch prd:aws:::listener
All HTTP requests now redirect to HTTPS.

Verify HTTPS Works

curl https://api.yourdomain.com/health
Should return: 
{"status": "ok", "instantiated_at": "..."}

Troubleshooting

IssueSolution
Certificate not validatingCheck CNAME records in Route 53, wait up to 30 min
Certificate not showing in dropdownMust be in same region as load balancer (us-east-1)
HTTPS not working after setupRun ag infra patch prd:aws:::listener again