How to manually generate SSL certificates for Flynn applications
For the last few years the flynn team has been working on getting us letsencrypt integration. While I feel the functionally should be here soon, in the meantime we just have to make the requests ourselves
Step 1. Using letsencrypt, perform a manual request
I’m currently using Ubuntu 18.04 so to install is just a matter of
sudo apt install certbot
I’m sure you can figure out how to get it installed if you’re running any other distro.
Now to make the manual request we do
sudo certbot certonly --manual --preferred-challenges dns
This will perform a dns challenge where we set the content of a TXT record in our zone file. In my opinion it is the easiest but you also have the options of
tls-sni. (See more here
Step 2. Add to Flynn
A. If the route does not already exist in Flynn
sudo flynn -a **my-app-name** route add http \ -c /etc/letsencrypt/live/**my.domain.com**/fullchain.pem \ -k /etc/letsencrypt/live/**my.domain.com**/privkey.pem **my.domain.com**
This will add a new route () and apply our certificate and key. We are done.
B. If the route already exists in Flynn
We get the appropriate route id with
flynn -a **my-app-name** route
And we update with
sudo flynn -a **my-app-name** route update \ **http/my-very-long-route-id-593375844** -s http \ -c /etc/letsencrypt/live/**my.domain.com**/fullchain.pem \ -k /etc/letsencrypt/live/**my.domain.com**/privkey.pem
Don’t forget to change
1. Your app name (can find with
1. The route ID
2. the path for the cert
4. The path for the and key.
Done, you should now have https on your Flynn site.
Let me know if you have any questions