Setup SSL Certificates & Serve your Applications over HTTPS for Free with Dokku & Let's Encrypt

In this tutorial we are going to take a look at how we can setup free SSL certificates for our Dokku powered applications with Let's Encrypt.

Let's Encrypt is a non-profit organization that provides TLS (Transport Layer Security) encryption at no charge. Their goal is to make the web a more secure place by providing free 90 days SSL certificates so that more people can server their applications and websites of HTTPS.

We will make use of Dokku's Let's Encrypt plugin to manage https:// for our applications and apply cron jobs so that our SSL certificates will auto-renew upon expiry.

First of all, make sure that you have added and set you domains from within your Dokku instance. I assume that you have changed your name servers and configured your DNS records specific to your server and domain according to the previous tutorials of this series.

dokku domains:add frontend yourdomain.com
dokku domains:set frontend yourdomain.com
dokku domains:add backend api.yourdomain.com
dokku domains:set backend api.yourdomain.com

Before we start we can also double check that everything is working as intended.

dokku domains:report

The report should contain the following output if we have setup our domains correctly.

=====> backend domains information
       Domains app enabled:           true
       Domains app vhosts:            api.yourdomain.com
       Domains global enabled:        true
       Domains global vhosts:         yourdomain.com
=====> frontend domains information
       Domains app enabled:           true
       Domains app vhosts:            yourdomain.com
       Domains global enabled:        true
       Domains global vhosts:         yourdomain.com

1. Install Dokku's Let's Encrypt Plugin

Dokku comes packed with plugins that integrate with third-party services like databases and other open-source tools. A plugin that I specifically like is Dokku's Let's Encrypt Plugin which makes it super simple to setup free SSL certificates that can be auto-renewed with cron jobs.

Let's install the plugin (on your server)

sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git

2. Add your Email to your Dokku Config

Add an email in your config for LetsEncrypt.

dokku config:set --no-restart backend DOKKU_LETSENCRYPT_EMAIL=some@email.com

dokku config:set --no-restart frontend DOKKU_LETSENCRYPT_EMAIL=some@email.com

3. Setup SSL certificates for your apps

As soon as the emails are added to your Dokku config we can go ahead and add SSL certificates to our apps.

dokku letsencrypt backend

dokku letsencrypt frontend

4. Add Cron Jobs to automatically renew your SSL certificates

dokku letsencrypt:cron-job --add

dokku letsencrypt:auto-renew

Could it get any simpler? Your SSL certificates are now set up and your application is served via https://.

5. Redirect www. to non-www.

As a bonus I thought I'd share how you can redirect www. to non-www. to eliminate confusion for the end-user. To achive this we will use Dokku's redirect plugin.

dokku plugin:install https://github.com/dokku/dokku-redirect.git

When the plugin is installed we can go ahead and set the redirects.

dokku redirect:set backend www.api.yourdomain.com api.yourdomain.com

dokku redirect:set frontend www.yourdomain.com yourdomain.com

If you remember the old days of buying SSL certificates and uploading them via cPanel, you can truly appreciate the simplicity of this process. A Big shoutout to all the people working on the open-source project Dokku and the people behind Let's Encrypt!