# Automatically update the WAF compiler Type of document: How-to guide Product: NGINX Instance Manager > Enable F5 NGINX Instance Manager to automatically download and install new WAF compiler versions when needed. --- After you manually [install at least one version of the F5 WAF for NGINX compiler](/nim/waf-integration/configuration/install-waf-compiler/install.md), F5 NGINX Instance Manager can automatically download and install newer versions as needed. Automatic updates occur when: - A managed instance is upgraded to a newer version of F5 WAF for NGINX. - You add a new instance running a different version of F5 WAF for NGINX. To enable this feature, upload your F5 WAF for NGINX certificate and key to NGINX Instance Manager. This lets NGINX Instance Manager securely connect to the NGINX package repository and download the required compiler files. You only need to upload the certificate and key once. ## Upload the F5 WAF for NGINX certificate and key Follow these steps to get and upload the certificate and key: 1. Log in to [MyF5](https://account.f5.com/myf5). 1. Go to **My Products and Plans > Subscriptions**. 1. Download these files from your F5 WAF for NGINX subscription: - `nginx-repo.crt` (certificate) - `nginx-repo.key` (private key) 1. Create a JSON file that contains both files. Replace each newline (`\n`) in the certificate and key with a literal `\n` so the formatting is correct inside the JSON file. **Example request:** ```json { "name": "nginx-repo", "nginxResourceType": "NginxRepo", "certPEMDetails": { "caCerts": [], "password": "", "privateKey": "-----BEGIN PRIVATE KEY-----\n[content snipped]\n-----END PRIVATE KEY-----\n", "publicCert": "-----BEGIN CERTIFICATE-----\n[content snipped]\n-----END CERTIFICATE-----", "type": "PEM" } } ``` 1. Upload the file to NGINX Instance Manager using the REST API: ```shell curl -X POST 'https:///api/platform/v1/certs' --header "Authorization: Bearer " --header "Content-Type: application/json" -d @nginx-repo-certs.json ``` 1. If successful, you’ll see a response similar to this: **Example response:** ```json { "certAssignmentDetails": [], "certMetadata": [ { "authorityKeyIdentifier": "", "commonName": "", "expired": false, "expiry": 59789838, "issuer": "C=US, ST=Washington, L=Seattle, Inc., O=F5 Networks\\, OU=Certificate Authority, CN=F5 PRD Issuing Certificate Authority TEEM V1", "publicKeyType": "RSA (2048 bit)", "serialNumber": "", "signatureAlgorithm": "SHA256-RSA", "subject": "CN=", "subjectAlternativeName": "", "subjectKeyIdentifier": "", "thumbprint": "", "thumbprintAlgorithm": "SHA256-RSA", "validFrom": "2021-12-21T16:57:55Z", "validTo": "2024-12-20T00:00:00Z", "version": 3 } ], "certPEMDetails": { "caCerts": [], "password": "**********", "privateKey": "**********", "publicCert": "[content snipped]", "type": "PEM" }, "created": "2023-01-27T23:42:41.587760092Z", "modified": "2023-01-27T23:42:41.587760092Z", "name": "nginx-repo", "serialNumber": "", "uid": "d08d9f54-58dd-447a-a71d-6fa5aa0d880c", "validFrom": "2021-12-21T16:57:55Z", "validTo": "2024-12-20T00:00:00Z" } ``` --- ## Troubleshooting automatic updates If NGINX Instance Manager can’t connect to the repository, or the certificate is missing or invalid, you’ll see an error like: ```text missing the specific compiler, please install it and try again. ``` This means the certificate or key might be missing, invalid, or expired, or that NGINX Instance Manager can’t reach the NGINX repository. Check for related errors in the log file: ```text /var/log/nms/nms.log ``` If you see a message like this, the certificate or key is likely invalid or expired: ```text error when creating the nginx repo retriever - NGINX repo certificates not found ``` If needed, you can [install the WAF compiler manually](/nim/waf-integration/configuration/install-waf-compiler/install.md).