đź”’ Free SSL Certificates for Your Ruby on Rails App Using Let’s Encrypt

coding, Programming, Ruby, Ruby on Rails, Services & Subscriptions, Software Development, Weelkly Article 2 Minutes

May 9, 2025

Security is no longer optional — every modern web app must support HTTPS. Thankfully, Let’s Encrypt provides free SSL certificates, and with a bit of Ruby magic, you can integrate them directly into your Rails application.

Recently, I worked on automating this setup and even contributed a pull request to simplify the process of creating the initializer configuration file with a generator. This makes it easier for anyone to jumpstart their SSL setup with minimal manual steps.

đź”’ Want to optimize how you handle SSL certificates on your websites?

Take a moment to level up your infrastructure and security — all while keeping it free and automated with Let’s Encrypt + Ruby on Rails.

🎯 Ready to simplify and secure your setup?

Get in touch

🧰 What You’ll Use

Article content
  • rails-letsencrypt: A gem that provides a simple interface to Let’s Encrypt’s ACME protocol.
  • Redis + ngx_mruby (optional): Dynamically serve certificates in Nginx using data from Redis.
  • Sidekiq or Cron: To automate certificate renewals.

âś… Step-by-Step Setup

  • Add the Gem

In your Gemfile:

gem 'rails-letsencrypt'

Then:

bundle install
rails generate lets_encrypt:install
rake db:migrate
  • Register and Set Up Your Private Key
rails generate lets_encrypt:register
  • Mount the ACME Challenge Route
# config/routes.rb
mount LetsEncrypt::Engine => '/.well-known'
  • Configuration (via initializer)

The gem now includes a generator to scaffold the initializer:

rails generate lets_encrypt:initializer

This will create config/initializers/letsencrypt.rb:

LetsEncrypt.config do |config|
  config.use_staging = false
  config.private_key_path = Rails.root.join('config', 'letsencrypt.key')
  config.save_to_redis = true
  config.redis_url = 'redis://localhost:6379/1'
end
  • Issue a Certificate
cert = LetsEncrypt::Certificate.create(domain: 'yourdomain.com')
cert.get
  • Auto-Renew with Sidekiq
LetsEncrypt::RenewCertificatesJob.perform_later

🧠 Bonus: Nginx with ngx_mruby

If you’re running Nginx and want to serve certificates dynamically, you can load them from Redis using ngx_mruby. This avoids the need to reload Nginx when certs renew.

Example Nginx config snippet:

server {
  listen 443 ssl;
  server_name _;

  ssl_certificate certs/dummy.crt;
  ssl_certificate_key certs/dummy.key;

  mruby_ssl_handshake_handler_code '
    ssl = Nginx::SSL.new
    domain = ssl.servername

    redis = Userdata.new.redis
    unless redis["#{domain}.crt"].nil? and redis["#{domain}.key"].nil?
      ssl.certificate_data = redis["#{domain}.crt"]
      ssl.certificate_key_data = redis["#{domain}.key"]
    end
  ';
}

🙌 Why This Matters

  • Zero cost: SSL certs from Let’s Encrypt are completely free.
  • Automated: No more manually renewing or deploying certificates.
  • Secure by default: Build Rails apps that follow modern security practices out of the box.

If you’re managing your own servers or building SaaS platforms with Rails, I highly recommend integrating Let’s Encrypt early in your deployment pipeline. I’m happy to share more details or help you debug your setup if needed.

💬 Let me know if you’ve implemented something similar or if you’re interested in contributing to this gem!

Article content
Unknown's avatar

Published by ggerman

Software Developer | Ruby on Rails | Embedded Systems Enthusiast I’m a backend developer with 10+ years of experience building scalable systems and crafting robust APIs with Ruby on Rails, Python, and PHP. I thrive on delivering confident solutions, leveraging tools like AWS, Docker, and RSpec to ensure stability and performance. Beyond coding, I love blending hardware and software in IoT projects, creating innovative solutions with Arduino C++ and MicroPython. Always learning, always solving.

Published

Leave a comment