Renewing Let’s Encypt certificates in DigitalOcean’s Rails One-click app

A few months ago, I decided to add HTTPS support to my Rails app. I have been running it on an easy-to-setup DigitalOcean droplet for almost a year now. Given that the application is more of a hobby, I opted for the free Let’s Encrypt certificates.

DigitalOcean One Click Apps

DigitalOcean has a great resource of helpful blog posts and I found one that helped me setup SSL for the first time in my life. How To Secure Nginx with Let’s Encrypt on Ubuntu 14.04 was an almost perfect match with my Rails setup.

It’s just so easy to get started these days that beginners like me will miss some details that they will have to learn later. There were some hiccups on the way, which helped me learn more about my Rails setup, nginx and the Unicorn web server.

Everything I know I have learned by doing and this was no exception.

I arrived at this solution through trial-and-error method, which is what my staging server is setup for anyways. This is what I did.

After the first failed run, I learned that DigitalOcean Rails droplet does not have Pip installed by default. Pip manages additional Python packages from Python Package Index. Make sure your Pip is installed and up to date with

sudo apt-get install pip
pip install --upgrade pip

My servers have limited RAM so I stopped Unicorn after a few unsuccessful attempts at renewing the certificate. However, make sure your nginx is running and setup as instructed in the DigitalOcean guide so that Let’s Encrypt can validate your site. To renew your certificate, run the following command replacing rails_app with your rails application folder.

sudo service unicorn stop
sudo service nginx start
sudo /opt/letsencrypt/letsencrypt-auto renew --webroot -w /home/rails/rails_app/public/

Next, I will ensure that the automatic renewal from DigitalOcean’s guide is working properly.

For $10 credit on DigitalOcean, use my referral link, which will award me with $25 after you’ve spent that amount.