🔒 Free SSL Certificates for Your Ruby on Rails App Using Let’s Encrypt

May 9, 2025

Security is no longer optional — every modern web app must support HTTPS. Thankfully, Let’s Encrypt provides free SSL certificates , and with a bit of Ruby magic, you can integrate them directly into your Rails application.

Recently, I worked on automating this setup and even contributed a pull request to simplify the process of creating the initializer configuration file with a generator. This makes it easier for anyone to jumpstart their SSL setup with minimal manual steps.

Want to optimize how you handle SSL certificates on your websites?

Take a moment to level up your infrastructure and security — all while keeping it free and automated with Let’s Encrypt + Ruby on Rails.

Ready to simplify and secure your setup?

Get in touch

What You’ll Use

• rails-letsencrypt: A gem that provides a simple interface to Let’s Encrypt’s ACME protocol.
• Redis + ngx_mruby (optional): Dynamically serve certificates in Nginx using data from Redis.
• Sidekiq or Cron : To automate certificate renewals.

Step-by-Step Setup

• Add the Gem

In your Gemfile:

gem 'rails-letsencrypt'

Then:

bundle install
rails generate lets_encrypt:install
rake db:migrate

• Register and Set Up Your Private Key

rails generate lets_encrypt:register

• Mount the ACME Challenge Route

# config/routes.rb
mount LetsEncrypt::Engine => '/.well-known'

• Configuration (via initializer)

The gem now includes a generator to scaffold the initializer:

rails generate lets_encrypt:initializer

This will create config/initializers/letsencrypt.rb:

LetsEncrypt.config do |config|
  config.use_staging = false
  config.private_key_path = Rails.root.join('config', 'letsencrypt.key')
  config.save_to_redis = true
  config.redis_url = 'redis://localhost:6379/1'
end

• Issue a Certificate

cert = LetsEncrypt::Certificate.create(domain: 'yourdomain.com')
cert.get

• Auto-Renew with Sidekiq

LetsEncrypt::RenewCertificatesJob.perform_later

Bonus: Nginx with ngx_mruby

If you’re running Nginx and want to serve certificates dynamically, you can load them from Redis using ngx_mruby. This avoids the need to reload Nginx when certs renew.

Example Nginx config snippet:

server {
  listen 443 ssl;
  server_name _;

  ssl_certificate certs/dummy.crt;
  ssl_certificate_key certs/dummy.key;

  mruby_ssl_handshake_handler_code '
    ssl = Nginx::SSL.new
    domain = ssl.servername

    redis = Userdata.new.redis
    unless redis["#{domain}.crt"].nil? and redis["#{domain}.key"].nil?
      ssl.certificate_data = redis["#{domain}.crt"]
      ssl.certificate_key_data = redis["#{domain}.key"]
    end
  ';
}

Why This Matters

• Zero cost : SSL certs from Let’s Encrypt are completely free.
• Automated : No more manually renewing or deploying certificates.
• Secure by default : Build Rails apps that follow modern security practices out of the box.

If you’re managing your own servers or building SaaS platforms with Rails, I highly recommend integrating Let’s Encrypt early in your deployment pipeline. I’m happy to share more details or help you debug your setup if needed.

Let me know if you’ve implemented something similar or if you’re interested in contributing to this gem!