diff --git a/.ebextensions/single-instance-ssl.config b/.ebextensions/single-instance-ssl.config
new file mode 100644
index 00000000..153c852f
--- /dev/null
+++ b/.ebextensions/single-instance-ssl.config
@@ -0,0 +1,25 @@
+Resources:
+  AWSEBAutoScalingGroup:
+    Metadata:
+      AWS::CloudFormation::Authentication:
+        S3Auth:
+          type: "s3"
+          buckets: ["mysterio-ssl"]
+          roleName:
+            "Fn::GetOptionSetting":
+              Namespace: "aws:autoscaling:launchconfiguration"
+              OptionName: "IamInstanceProfile"
+              DefaultValue: "aws-elasticbeanstalk-ec2-role"
+files:
+  "/etc/pki/tls/certs/mysterio.com.key":
+    mode: "000400"
+    owner: root
+    group: root
+    authentication: "S3Auth"
+    source: https://mysterio-ssl.s3.ap-south-1.amazonaws.com/mysterio.com.key
+  "/etc/pki/tls/certs/mysterio.com.pem":
+    mode: "000400"
+    owner: root
+    group: root
+    authentication: "S3Auth"
+    source: https://mysterio-ssl.s3.ap-south-1.amazonaws.com/mysterio.com.pem
diff --git a/.platform/nginx/conf.d/ssl.conf b/.platform/nginx/conf.d/ssl.conf
new file mode 100644
index 00000000..c1af8314
--- /dev/null
+++ b/.platform/nginx/conf.d/ssl.conf
@@ -0,0 +1,16 @@
+server {
+        listen        443 default_server ssl;
+        ssl_certificate    /etc/pki/tls/certs/mysterio.com.pem;
+        ssl_certificate_key    /etc/pki/tls/certs/mysterio.com.key;
+        access_log    /var/log/nginx/access_ssl.log main;
+
+        client_header_timeout 60;
+        client_body_timeout   60;
+        keepalive_timeout     60;
+        gzip                  off;
+        gzip_comp_level       4;
+        gzip_types text/plain text/css application/json application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript;
+
+        # Include the Elastic Beanstalk generated locations
+        include conf.d/elasticbeanstalk/*.conf;
+}