Question

Enabling HTTPS access to Droplet

What I want to do Expose an Flask API via Droplet over HTTPS.

What I’ve done

  • I’ve got the Flask API up and running via Droplet over HTTP (not HTTPS)
  • I’ve configured a certificate using Let’s Encrypt (I manage the domain using Digital Ocean)

Questions

  • In the Digital Ocean UI, it says “Certificates can be used for secure traffic forwarding with load balancers, and spaces CDNs.” – Does this mean these certs can’t be used for other purposes as well (i.e. configuring HTTPS)?
  • Can I access the cert files created via Let’s Encrypt somewhere?

Thank you in advance.


Submit an answer


This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

alexdo
Site Moderator
Site Moderator badge
March 29, 2023

Hello @billygenerativelabs

You can secure the traffic with the Let’s Encrypt’s SSL Certificate with no issues, usually, this is what they’re mostly used for in general.

The certificate files should be stored in /etc/letsencrypt/ and you can inspect them at any time.

You can also set up a cronjob to auto-renew the certificate.

  1. /usr/bin/certbot renew --quiet

Regards

Thank you both.

@Richard: Yes, I noticed the documentation indicated that certificates can be used with load balancers, easy enough, but given that I’m not using a load balancer at this point (as the traffic doesn’t warrant it), I was looking to know if I could use those same certificates to secure an HTTP server directly.

@KFSys: Interesting, I will look. I ended up running CERTBOT directly on the Droplet server, mounted the directory containing the cert into my container, and then referenced them in Dockerfile’s Gunicorn run command. It ended up working great, but was a little more work than expected.

I have services running the way you describe:

  • a load balancer with an SSL certificate forwarding to
  • a Droplet running an HTTP server It just works. :-) There’s no need to know anything else about the SSL certificate.

(Want more help? Just ask.)

Try DigitalOcean for free

Click below to sign up and get $200 of credit to try our products over 60 days!

Sign up

Get our biweekly newsletter

Sign up for Infrastructure as a Newsletter.

Hollie's Hub for Good

Working on improving health and education, reducing inequality, and spurring economic growth? We'd like to help.

Become a contributor

Get paid to write technical tutorials and select a tech-focused charity to receive a matching donation.

Welcome to the developer cloud

DigitalOcean makes it simple to launch in the cloud and scale up as you grow — whether you're running one virtual machine or ten thousand.

Learn more
DigitalOcean Cloud Control Panel