Dokku: free SSL & HTTP/2 in 5 minutes

Pretty simple guide to secure your dokku app

In 2017 it’s unacceptable to use insecure and outdated version of HTTP-protocol. If you use dokku for deploying your app, then all you need is follow these 5 steps:

  1. Install dokku-letsencrypt plugin
$ sudo dokku plugin:install

2. Add your email

$ dokku config:set --no-restart myapp DOKKU_LETSENCRYPT_EMAIL=your@email.tld

3. Encrypt

$ dokku letsencrypt myapp

dokku-letsencrypt do all the dirty work: it generates and install certs, confirm server and domain ownership, update nginx config to support SSL and HTTP/2 and enables redirects from HTTP to HTTPS

4. Let’s Encrypt’s certificates lifetime is 90 days, but it can be auto-renewed

$ dokku letsencrypt:auto-renew myapp

5. And finally we can automate it by adding just one line to cron:

@weekly dokku letsencrypt:auto-renew

It’ll check certs for all your apps every week and auto renew it if needs.

Done! Go to browser to be sure it works as well!