# Cloudflare certificates + Dokku


> How to create and install Cloudflare SSL/TLS encryption certificates for your Dokku app (instead of Let's Encrypt).

Source: https://okhlopkov.com/cloudflare-certificates-dokku/

I'll show you how I did it with the blog you are currently reading: okhlopkov.com. Cloudflare is a free worldwide CDN which can also issue a TLS/HTTPS certificate for your domain or subdomain. Dokku is a free, open-source, self-hosted Heroku alternative which I use in all my production environments.

## Why you might want to do it

Let's Encrypt is cool, but you need to renew its certificates every 3 months. Yes, you can create a crontab task to do it automatically, but I always forget to. CF certificates are valid for 15+ years. 😎

Cloudflare is not only DNS but also a CDN. If your Dokku apps have a frontend, you might want to benefit from a worldwide & free CDN to speed up your stuff and decrease the load on your servers.

## Step 1: Attach your domain to Cloudflare

You need to change the nameservers at your DNS provider (probably just where you bought your domain). Create an account on Cloudflare and it will show you a step-by-step guide on how to do that (great onboarding, by the way).

> Really loved @Cloudflare onboarding! So easy to start and transfer my domains
>
> Dan Okhlopkov 🍪 (@danokhlopkov), July 26, 2021: https://twitter.com/danokhlopkov/status/1419800321166094336

## Step 2: Create certificates for your backend

Now we are going to create our own certificates to encrypt the communication between Cloudflare and the backend.

Open the SSL/TLS -> Origin Server menu and press Create Certificate.

[Image caption: Ow, boy! 15 years]

If you also want to encrypt domains like super.secret.okhlopkov.com, you need to specify them manually in the List of hostnames field. Otherwise, just press create.

Congrats! Now you have your unique and shiny HTTPS encryption certificates!

[Image caption: try to guess the other part of my keys!]

## Step 3: Upload certs to the server

Now you need to create files on your server and copy-paste your keys into them. Open a new ssh connection, create a folder for the certs and create these files. I like to use vim to copy-paste the keys.

```bash
mkdir certs
vim certs/okhlopkov.com.crt  # copy-paste the first Certificate
vim certs/okhlopkov.com.key  # copy-paste the second Private Key
```

## Step 4: Attach certs to Dokku app

You will need to create a .tar archive with these files and then send it to Dokku. Imagine that the name of your Dokku app is ghost:

```bash
# bundle the certificate and the private key into one archive
tar -cvf certs/okhlopkov.com.tar certs/okhlopkov.com.crt certs/okhlopkov.com.key
# import the archive as the certificate for the ghost app
dokku certs:add ghost < certs/okhlopkov.com.tar
# regenerate the proxy configuration for the app
dokku proxy:build-config ghost
```

## Step 5: Enable CF Proxy and Full encryption

Now you can do it!

[Image caption: OW YEAH, Let's do it, CDN!]

That's it! Thanks for reading. I basically just did the SSL/TLS encryption for my blog and simultaneously wrote down this step-by-step guide. Good luck with your stuff, dudes! Share this article somewhere, please.
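
A pre-flight check for Steps 3 and 4, as an added example that is not part of the original article: it catches a truncated or swapped copy-paste, restricts the private key and the archive that carries it to the owner, and builds the tarball that is then piped into `dokku certs:add`. `has_pem` and `preflight_certs` are hypothetical helper names; the file layout follows the article.

```shell
#!/bin/sh
# Added example: validate the pasted files before handing them to Dokku.
# has_pem and preflight_certs are hypothetical helpers, not Dokku commands.

# has_pem FILE PATTERN: FILE has both a BEGIN and an END line for PATTERN.
has_pem() {
    grep -Eq -- "^-----BEGIN ${2}-----" "$1" &&
        grep -Eq -- "^-----END ${2}-----" "$1"
}

# preflight_certs CRT KEY TAR: writes TAR and returns 0 only if all checks pass.
preflight_certs() {
    crt=$1 key=$2 tarball=$3
    [ -s "$crt" ] && [ -s "$key" ] || { echo "missing or empty file" >&2; return 1; }

    # A cut-off paste loses the END line; swapped files fail the type match.
    has_pem "$crt" 'CERTIFICATE' ||
        { echo "$crt: not a complete PEM certificate" >&2; return 2; }
    has_pem "$key" '([A-Z]+ )?PRIVATE KEY' ||
        { echo "$key: not a complete PEM private key" >&2; return 3; }

    # The certificate file must not also carry the private key.
    if grep -q 'PRIVATE KEY' "$crt"; then
        echo "$crt: contains private key material" >&2; return 4
    fi

    # Key and archive are readable by the owner only.
    chmod 600 "$key" || return 5
    rm -f "$tarball"
    ( umask 077 && tar -cf "$tarball" "$crt" "$key" ) || return 6

    # Confirm the archive holds exactly the two files that were checked.
    [ "$(tar -tf "$tarball" | wc -l)" -eq 2 ] || return 7
    return 0
}
```

Call it as `preflight_certs certs/okhlopkov.com.crt certs/okhlopkov.com.key certs/okhlopkov.com.tar` before the `dokku certs:add` line. It checks PEM framing and permissions only; it does not prove that the key belongs to the certificate.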

