Adding a LetsEncrypt certificate for a subdomain with a NodeJS App

So you know how to add a Let's Encrypt certificate for your domain? So did I.

And do you know how to set up a subdomain with a NodeJS app? So did I. It's not much different from the process of setting a Ghost blog on a subdomain.

Now comes the fun part... adding a SSL certificate for that subdomain! While it's certainly not rocket science, the .conf file is a bit tricky. But no worries, future me will be able to come back to this post and figure out how I did it!

The SSL certificate part is trivial. Just navigate to your letsencrypt directory, in my case opt/letsencrypt and add it for your desired subdomain

cd opt/letsencrypt
sudo ./letsencrypt-auto certonly -d subdomain.domain.tld --standalone

For the .conf file, the one inside etc/nginx/sites-enabled, here's the magic code:

server {
    listen 80;
    server_name subdomain.domain.tld;

    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl;
    server_name subdomain.domain.tld;

    location / {
        proxy_pass http://localhost:2801;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }

    ssl on;
    ssl_certificate /etc/letsencrypt/live/subdomain.domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.tld/privkey.pem;
    ssl_prefer_server_ciphers On;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
}

Replace subdomain.domain.tld with your particular case and don't forget to set the correct port used by the node app (used by this line proxy_pass http://localhost:2801;)

And that's it! Who needs to know things when you can just refer to your own blog, right?