diff --git a/netoik-rp.spec b/netoik-rp.spec
index c66ae34..e89d2d8 100644
--- a/netoik-rp.spec
+++ b/netoik-rp.spec
@@ -54,8 +54,9 @@ if [ -z $SKIP_CERTBOT ]; then
 	fi
 
 else
-	# Skipping certbot, so remove certificate entries in nginx conf
-	sed --in-place 's/^ssl_certificate/# ssl_certificate/g' %{_sysconfdir}/nginx/conf.d/0_security.conf
+	# Skipping certbot, so create self-signed certificate
+	mkdir --parents /etc/letsencrypt/live/netoik.io
+	openssl req -newkey rsa:4096 -nodes -keyout /etc/letsencrypt/live/netoik.io/privkey.pem -x509 -days 365 -out /etc/letsencrypt/live/netoik.io/fullchain.pem -subj "/C=US/ST=State/L=City/O=Organization/OU=Department/CN=netoik.io"
 fi
 
 # Restart services