diff --git a/install_certbot.sh b/install_certbot.sh
new file mode 100644
index 0000000..19d579c
--- /dev/null
+++ b/install_certbot.sh
@@ -0,0 +1,94 @@
+#!/bin/bash
+certbot_path=$(which certbot)
+snap_path=$(which snap)
+if [ -z "$(which postfix)" ]; then
+  echo "postfix postfix/mailname string $USER" | sudo debconf-set-selections
+  echo "postfix postfix/main_mailer_type string 'Local only'" | sudo debconf-set-selections
+  sudo -p 'sudo password:' apt-get install -y postfix
+  sudo -p 'sudo password:' service postfix start
+fi
+if [ -z $certbot_path ]; then
+  echo "checking kernel version"
+  kernel_version=$(sudo -p 'sudo password:' uname -r)
+  echo "kernel_version: ${kernel_version}"
+  if [[ $kernel_version < 4.4 ]]; then
+    echo "Downloading certbot by using python3(since kernel < 4.4)..."
+    sudo -p 'sudo password:' add-apt-repository ppa:deadsnakes/ppa -y
+    echo "execing apt update..."
+    sudo -p 'sudo password:' apt-get -y -o DPkg::options::='--force-confdef' -o DPkg::options::='--force-confold' update
+    # if [ ! -z "$(sudo -p 'sudo password:' apt list --upgradable|grep 'linux-generic' )" ]; then
+    #   echo "execing apt upgrade..."
+    #   sudo -p 'sudo password:' apt-get -y -o DPkg::options::='--force-confdef' -o DPkg::options::='--force-confold' upgrade
+    #   echo "Computer will reboot 60 seconds later!"
+    #   sleep 60 && sudo reboot
+    #   exit 0
+    # fi
+    echo "Installing python3.8 python3.8-venv libaugeas0 ..."
+    sudo -p 'sudo password:' apt-get install python3.8 python3.8-venv libaugeas0 -y
+    python_path="$(which python3.8)"
+    if [ -z "$python_path" ]; then
+      echo "python3.8 not found!"
+      echo "Installing python3.8 from source!"
+      wget https://www.python.org/ftp/python/3.8.13/Python-3.8.13.tgz
+      echo "Installing building tools!"
+      sudo -p 'sudo password:' apt-get install -y make build-essential libssl-dev zlibc zlib1g-dev libbz2-dev libreadline-dev libsqlite3-dev wget curl llvm libncurses5-dev libncursesw5-dev xz-utils tk-dev
+      echo "Installing openssl 1.1.1m..."
+      wget https://www.openssl.org/source/openssl-1.1.1m.tar.gz --no-check-certificate
+      tar xzvf openssl-1.1.1m.tar.gz
+      cd openssl-1.1.1m
+      ./config no-ssl2 no-ssl3 zlib-dynamic -fPIC shared --prefix=/usr/local/openssl
+      make depend -j8 && sudo -p 'sudo password:' make install
+      cd ..
+      sudo -p 'sudo password:' bash -l -c "echo '/usr/local/openssl/lib' >> /etc/ld.so.conf.d/openssl.conf"
+      sudo -p 'sudo password:' ldconfig -v
+      tar xvf Python-3.8.13.tgz
+      cd Python-3.8.13/ && ./configure --with-openssl=/usr/local/openssl --enable-optimizations --with-ensurepip=install
+      sudo -p 'sudo password:' make altinstall
+      cd ..
+      python_path="$(which python3.8)"
+    fi
+    sudo -p 'sudo password:' rm -rf /opt/certbot/
+    echo "generating venv for certbot ..."
+    sudo -p 'sudo password:' python3.8 -m venv /opt/certbot/
+    sudo -p 'sudo password:' /opt/certbot/bin/pip install --trusted-host pypi.python.org --trusted-host pypi.org --upgrade pip
+    echo "Installing certbot on python3.8 ..."
+    sudo -p 'sudo password:' /opt/certbot/bin/pip install --trusted-host pypi.python.org --trusted-host pypi.org certbot certbot-nginx
+    sudo -p 'sudo password:' rm -f /usr/bin/certbot
+    sudo -p 'sudo password:' ln -s /opt/certbot/bin/certbot /usr/bin/certbot
+    sudo -p 'sudo password:' certbot register --email bohung@rulingcom.com --agree-tos -n
+    echo "Finish install certbot!"
+    certbot_path="/usr/bin/certbot"
+  else
+    if [ -z $snap_path ]; then
+      echo "execing apt update..."
+      sudo -p 'sudo password:' apt-get -y -o DPkg::options::='--force-confdef' -o DPkg::options::='--force-confold' update
+      echo "Installing snap..."
+      sudo -p 'sudo password:' apt install snapd -y
+      snap_path=$(which snap)
+    fi
+    if [ ! -z $snap_path ]; then
+      echo "Installing snap core..."
+      sudo -p 'sudo password:' bash -l -c 'snap install core && snap refresh core'
+      echo "Installing certbot with snap..."
+      sudo -p 'sudo password:' snap install --classic certbot
+      sudo -p 'sudo password:' ln -s /snap/bin/certbot /usr/bin/certbot
+      sudo -p 'sudo password:' certbot register --email bohung@rulingcom.com --agree-tos -n
+      echo "Finish install certbot!"
+      certbot_path="/usr/bin/certbot"
+    else
+      echo "There was some error when installing snap!"
+    fi
+  fi
+fi
+if [ ! -z $certbot_path ]; then
+  echo "Setting certbot renew to cronjob..."
+  crontab_lines=$(sudo -p 'sudo password:' crontab -l)
+  certbot_renew_command=$(sudo -p 'sudo password:' crontab -l|grep "certbot"|grep "renew")
+  if [ -z "$certbot_renew_command" ]; then
+    echo "Add certbot renew cronjob!"
+    certbot_renew_command="30 2 * * 1 $certbot_path renew --no-self-upgrade --post-hook 'sudo service nginx restart' > /var/log/le-renew.log"
+    echo "$certbot_renew_command"
+    CRON="$certbot_renew_command" && (sudo -p 'sudo password:' crontab -l; echo "$CRON" ) | sudo -p 'sudo password:' crontab -
+  fi
+  echo "Finish setting renew cronjob!"
+fi
\ No newline at end of file