diff --git a/config/tls/.tls_certs_here b/config/tls/.tls_certs_here
new file mode 100644
index 0000000..e69de29
diff --git a/config/tls/cert-config.sh b/config/tls/cert-config.sh
deleted file mode 100644
index a309af9..0000000
--- a/config/tls/cert-config.sh
+++ /dev/null
@@ -1,6 +0,0 @@
-# environment variables for tls generation
-
-export TLS_EXPIRE_AFTER_DAYS=365
-export TLS_COMMON_NAME="localhost"
-export TLS_ALT_NAME1="127.0.0.1"
-export TLS_ALT_NAME2="localhost.localdomain"
diff --git a/docs/Commands.md b/docs/Commands.md
index 68ebe71..ff0cee2 100644
--- a/docs/Commands.md
+++ b/docs/Commands.md
@@ -25,11 +25,6 @@ This sets up some database tables, views, and more, generates a secret key for t --- -`generate-tls-cert` - generate a new self-signed tls certificate for https -This overwrites the original files, if present (see [Setup](Setup.md)). - ---- - `generate-secret-key` - generate a new random secret key for django This will overwrite the old one. Warning: After running this, current sessions will be invalid, and the users have to relogin. Don't run this command while the server is running.
diff --git a/docs/Configuration.md b/docs/Configuration.md
index 1c99e3d..239dde3 100644
--- a/docs/Configuration.md
+++ b/docs/Configuration.md
@@ -7,15 +7,6 @@ There is no default configuration available, only a sample configuration with explanations. -## Configuration files for tls certificates - -This is the configuration for self-signed local TLS certificate generation. - -`./config/tls/cert-config.sh` - -This is already configured, but you can modify this for your needs. - - ## Caddy Server Configuration `./config/Caddyfile`
diff --git a/docs/Setup.md b/docs/Setup.md
index 4f5940f..2d3907d 100644
--- a/docs/Setup.md
+++ b/docs/Setup.md
@@ -81,16 +81,8 @@ You can configure your database connection in `config/config.sh`. ## IV. HTTPS & TLS Certificates -TLS/SSL certificates are required. -If you don't have a TLS/SSL certificate already, you can generate one -with the command `./run.sh generate-tls-cert`. This will generate a -new TLS certificate and key file at `config/tls/server.pem` (certificate) -and `config/tls/server-key.pem` (key). -WARNING: This will overwrite an existing certificate/key with the same filepath. -By default those generated certificates are valid for one year. After that year, -they have to be regenerated with the same command. - -If you have a certificate and key file already, you can put them in the following places: +A TLS/SSL certificate and key is required. +Filepaths: - `config/tls/server.pem` for the certificate - `config/tls/server-key.pem` for the key
diff --git a/lib/generate-tls-cert.py b/lib/generate-tls-cert.py
deleted file mode 100644
index 6867c9e..0000000
--- a/lib/generate-tls-cert.py
+++ /dev/null
@@ -1,93 +0,0 @@
-#!/usr/bin/env python3
-
-import json
-
-from datetime import datetime
-from datetime import timedelta
-from os import environ
-from pathlib import Path
-
-from cryptography import x509
-from cryptography.hazmat.backends import default_backend
-from cryptography.hazmat.primitives import hashes
-from cryptography.hazmat.primitives import serialization
-from cryptography.hazmat.primitives.asymmetric import rsa
-
-
-"""
-this script creates a locally signed ca certificate.
-"""
-
-
-# paths
-
-tls_root_dir = Path("config") / "tls"
-
-path_server_cert = tls_root_dir / "server.pem"
-path_server_key = tls_root_dir / "server-key.pem"
-
-
-if __name__ == "__main__":
-
- # get configuration from environment variable
-
- conf_common_name = environ["TLS_COMMON_NAME"]
- conf_tls_expire_after_days = int(environ["TLS_EXPIRE_AFTER_DAYS"])
-
- try:
- conf_alternative_name1 = environ["TLS_ALT_NAME1"]
- except KeyError:
- conf_alternative_name1 = None
-
- try:
- conf_alternative_name2 = environ["TLS_ALT_NAME2"]
- except KeyError:
- conf_alternative_name2 = None
-
- # generate server cert & key
-
- private_key = rsa.generate_private_key(
- public_exponent=65537,
- key_size=4096,
- backend=default_backend()
- )
-
- subject = issuer = x509.Name([
- x509.NameAttribute(x509.oid.NameOID.COUNTRY_NAME, "--"),
- x509.NameAttribute(x509.oid.NameOID.STATE_OR_PROVINCE_NAME, "--"),
- x509.NameAttribute(x509.oid.NameOID.LOCALITY_NAME, "--"),
- x509.NameAttribute(x509.oid.NameOID.ORGANIZATION_NAME, "--"),
- x509.NameAttribute(x509.oid.NameOID.COMMON_NAME, conf_common_name)
- ])
-
- cert_sans = []
-
- if conf_alternative_name1 != None:
- cert_sans.append(x509.DNSName(conf_alternative_name1))
-
- if conf_alternative_name2 != None:
- cert_sans.append(x509.DNSName(conf_alternative_name2))
-
- certificate = x509.CertificateBuilder()\
- .subject_name(subject)\
- .issuer_name(issuer)\
- .public_key(private_key.public_key())\
- .serial_number(x509.random_serial_number())\
- .not_valid_before(datetime.utcnow())\
- .not_valid_after(datetime.utcnow() + timedelta(days=conf_tls_expire_after_days))\
- .add_extension(x509.SubjectAlternativeName(cert_sans), critical=False)\
- .add_extension(x509.BasicConstraints(ca=False, path_length=None), critical=True)\
- .sign(private_key, hashes.SHA512(), backend=default_backend())
-
- with path_server_cert.open("wb") as certout:
- certout.write(certificate.public_bytes(serialization.Encoding.PEM))
-
- with path_server_key.open("wb") as keyout:
- private_key_bytes = private_key.private_bytes(
- encoding = serialization.Encoding.PEM,
- format = serialization.PrivateFormat.TraditionalOpenSSL,
- encryption_algorithm=serialization.NoEncryption()
- )
- keyout.write(private_key_bytes)
-
- print("Generated TLS certificate & key.")
diff --git a/pip-dependencies.txt b/pip-dependencies.txt
index 61287a1..3107a0b 100644
--- a/pip-dependencies.txt
+++ b/pip-dependencies.txt
@@ -3,4 +3,3 @@ django-currentuser==0.5.3
 django-csp==3.7
 psycopg2~=2.9.1
 uvicorn~=0.17.6
-cryptography~=36.0.0
diff --git a/run.sh b/run.sh
index 48e4f16..c015033 100755
--- a/run.sh
+++ b/run.sh
@@ -8,7 +8,6 @@ function show_dm_help { # $1 = exit code
 echo -e " server\t\tstart server"
 echo -e " setup\t\t\tset up the application"
 echo -e " create-admin\t\tcreate an admin account"
- echo -e " generate-tls-cert\tgenerate a new self-signed tls certificate for https"
 echo -e " generate-secret-key\tgenerate a new random secret key for django"
 echo -e " clear-sessions\tmanually remove all expired sessions from the database"
 echo -e " force-db-upgrade\tforce a database migration & upgrade"
@@ -55,11 +54,6 @@ else elif [ $1 = 'setup' ]; then source "$(pwd)/lib/setup-application.sh" - - elif [ $1 = 'generate-tls-cert' ]; then - - source "$(pwd)/config/tls/cert-config.sh" - python3 "$(pwd)/lib/generate-tls-cert.py" elif [ $1 = 'generate-secret-key' ]; then