Originally posted on January 7, 2016. The article was updated May 31, 2017 based on the many wonderful updates to Let’s Encrypt and Elixir/Phoenix.

In this article we are going to setup a Phoenix web application (running Elixir) with SSL configured using LetsEncrypt (i.e. all traffic running through SSL / HTTPS) and certbot.

Let’s Encrypt continues to promising, and a year since I first wrote this article looks like a lot has changed. First, there’s much better support for Nginx (so my other article is now very out of date).

Before we get started, you will need a few things installed first, I have provided links to installation scripts for Ubuntu 16.04 if you don’t already have an environment up and running.

Older versions might still work, so don’t go upgrading just yet; try things out and let me know if you run into problems.

Let’s create a new app and configure it for port 80

echo "Y" | mix phx.new isafe

cd isafe

vi config/dev.exs # and/or config/prod.exs

Change the port from 4000 to 80. Please note this isn’t an article about a production deploy of your application (refer here for that). Let’s start up your server

MIX_ENV=PROD mix phx.server

You should now see your site live (on port 80)

Next, we will need to tweak our routes to enable webroot authorization of Lets Encrypt. Let’s edit our endpoint.ex

vi ./lib/isafe/web/endpoint.ex

We need to allow anything from .well-known to route through Plug.Static for Let’s Encrypt authentication.

plug Plug.Static,

at: "/", from: :isafe, gzip: false,

only: ~w(css fonts images js favicon.ico robots.txt .well-known)

Restart your server!

MIX_ENV=prod mix phx.server

Note that I updated the instructions to work with prod, as there were some issues with renewals as noted on StackOverflow). The major change is that assets (aka images, JSON, .well-known files) will be drawn from the _build directory. Let’s test our change:

mkdir -p ./_build/prod/lib/isafe/priv/static/.well-known

(cd ./_build/prod/lib/isafe/priv/static && \

echo "hello world" > .well-known/XXXYYY.html)

Open your browser to that page, and you should see the text below.

If you see an error like the following then something went awry (maybe you didn’t restart your server, or didn’t edit the correct file).