diff --git a/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls b/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls.sh
similarity index 52%
rename from docker_portainer_stacks/portainer/setup-dockerapi-master-withtls
rename to docker_portainer_stacks/portainer/setup-dockerapi-master-withtls.sh
index 4b3b87f..9c7d285 100644
--- a/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls
+++ b/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls.sh
@@ -4,8 +4,9 @@
 ###################################
 #### USAGE
-# bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls)"
+# clear;bash -c "$(wget -qLO - https://git.sthope.dev/sthope/sthope-examples/raw/branch/master/docker_portainer_stacks/portainer/setup-dockerapi-master-withtls)"
 #
+mkdir -p /opt/certs
 findRandomTcpPort(){
 port=$(( 100+( $(od -An -N2 -i /dev/random) )%(1023+1) ))
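Review bot: `mkdir -p /opt/certs` creates the directory with the default umask, and the following hunk writes the CA key, the server key and the passphrase file into it; with a typical 022 umask the directory is world-traversable and anything written by shell redirection (the passphrase file) is world-readable. Create it restrictively, e.g. `install -d -m 0700 /opt/certs`, or put `umask 077` ahead of the `mkdir`. Separately, the updated USAGE line still fetches `.../setup-dockerapi-master-withtls` although this commit renames the file to `setup-dockerapi-master-withtls.sh`, so the documented one-liner will presumably stop resolving once this lands; it also runs a remote script through `bash -c` with no checksum or pinned commit. `findRandomTcpPort` continues past the end of the hunk.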
@@ -22,23 +23,23 @@ p=$(findRandomTcpPort)
 MY_IP=$(ip -4 route get 8.8.8.8 | awk {'print $7'} | tr -d '\n')
 function openssl_genrsa_pass {
- LC_ALL=C tr -dc A-Za-z0-9 remember2delete
+ LC_ALL=C tr -dc A-Za-z0-9 /opt/certs/remember2delete
 }
-$(openssl_genrsa_pass);cat remember2delete
+$(openssl_genrsa_pass);cat /opt/certs/remember2delete
-openssl genrsa -aes256 -passout file:remember2delete -out ca-key.pem 4096
+openssl genrsa -aes256 -passout file:/opt/certs/remember2delete -out /opt/certs/ca-key.pem 4096
-openssl req -new -x509 -days 365 -key ca-key.pem -sha256 -out ca.pem -passin file:remember2delete \
+openssl req -new -x509 -days 365 -key /opt/certs/ca-key.pem -sha256 -out /opt/certs/ca.pem -passin file:/opt/certs/remember2delete \
 -subj "/C=US/CN=$MY_IP"
-openssl genrsa -out server-key.pem 4096
+openssl genrsa -out /opt/certs/server-key.pem 4096
-echo subjectAltName = DNS:$MY_IP,IP:10.0.0.200,IP:127.0.0.1 >> extfile.cnf
-echo extendedKeyUsage = serverAuth >> extfile.cnf
+echo subjectAltName = DNS:$MY_IP,IP:10.0.0.200,IP:127.0.0.1 >> /opt/certs/extfile.cnf
+echo extendedKeyUsage = serverAuth >> /opt/certs/extfile.cnf
-openssl x509 -req -days 365 -sha256 -in server.csr -CA ca.pem -CAkey ca-key.pem \
- -CAcreateserial -out server-cert.pem -extfile extfile.cnf
+openssl x509 -req -days 365 -sha256 -in /opt/certs/server.csr -CA /opt/certs/ca.pem -CAkey /opt/certs/ca-key.pem \
+ -CAcreateserial -out /opt/certs/server-cert.pem -extfile /opt/certs/extfile.cnf
 clear
 echo "##########################################################"
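Review bot: The CA passphrase in `/opt/certs/remember2delete` is printed to the terminal by `cat` and, within this hunk, never removed, so it ends up stored in the same directory as `ca-key.pem` and the `-aes256` protection on the CA key adds nothing. Give the signing step the passphrase non-interactively with `-passin file:/opt/certs/remember2delete` on `openssl x509 -req`, drop the `cat`, and finish with `rm -f /opt/certs/remember2delete`. `$(openssl_genrsa_pass)` also executes the function's output as a command; a plain `openssl_genrsa_pass` call is presumably what is meant. Two further things to check: no step in this hunk creates `/opt/certs/server.csr` before it is signed, and `DNS:$MY_IP` places an IP address in a DNS SAN, where `IP:$MY_IP` is what a client verifying by address needs.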