Enable SSL/TLS with Let's Encrypt and Dokku


Connecting Securely on the Web

The HTTPS protocol allows one to connect to websites and web applications in a secure way. The absence of this de-facto standard usually triggers a big red warning on modern browsers. This means that using HTTPS is nowadays a must when creating web pages and web applications that face external users.

In practice, it is not straightforward to setup servers so that they use this secure protocol. This requires acquiring and installing trusted certificates on the servers hosting the application, which requires a certain knowledge of the inner working of web servers and web protocols.

Web-hosting providers have managed solutions for this, which of course all come at a price. This is great for commercial products but not an option when dealing with personal projects or experiments that don’t really produce any value.

I’d like to describe two tools that make this problem super-accessible and easy. These are Dokku and dokku-letsencrypt.


If you haven’t heard about Dokku yet, expect to hear about it sometime in the future. Dokku is an open-source platform-as-a-service (PaaS) implementation that makes hosting web application really easy. Think Heroku that you can install wherever you want and use for free (as long as you own the hardware).
Dokku supports a number of languages (all languages supported by Herokuish) and, more importantly, it supports deployment through a Dockerfile, further expanding the array of possibilities for your deployment.

In practice Dokku can host any app that can be put in a Docker container.

Let’s Encrypt

Let’s Encrypt provides free and trusted SSL/TLS certificates that people can use for their websites.

dokku-letsencrypt is a Dokku plugin that allows one to automatically acquire and install certificates produced by Let’s Encrypt. The plugin takes care of setting up the web server and makes the installation of the certificates seamless.

The original post by Stefan Seemayer as well as the plugin’s repository’s README outline this incredibly simple procedure.

A Matter of two commands

The plugin can be installed with this command:

sudo dokku plugin:install https://github.com/dokku/dokku-letsencrypt.git

If the app named myapp is running on a Dokku installation, one can install the certificate for the app as follows. First one should set an email address for the certificate:

dokku config:set --no-restart myapp DOKKU_LETSENCRYPT_EMAIL=your@email.tld

then the certificate can be installed and the app automatically set up with

dokku letsencrypt myapp

Once this step is successful, the website is reachable via HTTPS and HTTP requests get automatically redirected

One can test the state of the installed certificates with the command

dokku letsencrypt:ls

The plugin can also set up the automatic renewal of the app’s certificate (yes, because they expire! I forgot to mention that!)

I am blown away by how much Dokku can improve one’s quality of life with little things like this. It’s possibly the easiest solution I have seen for self-hosting or self-managing web applications.

comments powered by Disqus