Setup SSL Certificates & Serve your Applications over HTTPS for Free with Dokku & Let's Encrypt
In this tutorial we are going to take a look at how we can setup free SSL certificates for our Dokku powered applications with Let's Encrypt.
Let's Encrypt is a non-profit organization that provides TLS (Transport Layer Security) encryption at no charge. Their goal is to make the web a more secure place by providing free 90 days SSL certificates so that more people can server their applications and websites of HTTPS.
We will make use of Dokku's Let's Encrypt plugin to manage https:// for our applications and apply cron jobs so that our SSL certificates will auto-renew upon expiry.
First of all, make sure that you have added and set you domains from within your Dokku instance. I assume that you have changed your name servers and configured your DNS records specific to your server and domain according to the previous tutorials of this series.
dokku domains:add frontend yourdomain.com dokku domains:set frontend yourdomain.com dokku domains:add backend api.yourdomain.com dokku domains:set backend api.yourdomain.com
Before we start we can also double check that everything is working as intended.
The report should contain the following output if we have setup our domains correctly.
=====> backend domains information Domains app enabled: true Domains app vhosts: api.yourdomain.com Domains global enabled: true Domains global vhosts: yourdomain.com =====> frontend domains information Domains app enabled: true Domains app vhosts: yourdomain.com Domains global enabled: true Domains global vhosts: yourdomain.com
1. Install Dokku's Let's Encrypt Plugin
Dokku comes packed with plugins that integrate with third-party services like databases and other open-source tools. A plugin that I specifically like is Dokku's Let's Encrypt Plugin which makes it super simple to setup free SSL certificates that can be auto-renewed with cron jobs.
Let's install the plugin (on your server)
sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git
2. Add your Email to your Dokku Config
Add an email in your config for LetsEncrypt.
dokku config:set --no-restart backend DOKKU_LETSENCRYPT_EMAILfirstname.lastname@example.org
dokku config:set --no-restart frontend DOKKU_LETSENCRYPT_EMAILemail@example.com
3. Setup SSL certificates for your apps
As soon as the emails are added to your Dokku config we can go ahead and add SSL certificates to our apps.
dokku letsencrypt backend
dokku letsencrypt frontend
4. Add Cron Jobs to automatically renew your SSL certificates
dokku letsencrypt:cron-job --add dokku letsencrypt:auto-renew
Could it get any simpler? Your SSL certificates are now set up and your application is served via https://.
5. Redirect www. to non-www.
As a bonus I thought I'd share how you can redirect www. to non-www. to eliminate confusion for the end-user. To achive this we will use Dokku's redirect plugin.
dokku plugin:install https://github.com/dokku/dokku-redirect.git
When the plugin is installed we can go ahead and set the redirects.
dokku redirect:set backend www.api.yourdomain.com api.yourdomain.com dokku redirect:set frontend www.yourdomain.com yourdomain.com
If you remember the old days of buying SSL certificates and uploading them via cPanel, you can truly appreciate the simplicity of this process. A Big shoutout to all the people working on the open-source project Dokku and the people behind Let's Encrypt!