Setting up SSL with LetsEncrypt and MeteorUp

I have a question about local force-ssl though…

Yes, in browser I could use http://localhost:3000 , but when developing mobile stuff, I’d like to connect my iPhone from local WIFI, say , with force-ssl, that would always redirect to https://localhost

Is there a workaround?

Thanks so much @energistic !! For me there were 2 key additional steps / notes:

2 key missing steps:

  1. set ROOT_URL to https
  2. run mup setup (then mup deploy)

I found these here:

If I am using mupx which uses .key and .crt files instead of a .pem, any suggestions how to get this working when the certificates spit out .pem files?

@AndreasGalster One thing you can try is to create two separate files with .key and .crt extension, and copy the certificate parts and key parts inside the .pem file in to these two files and use it in mupx.

I tried that but it broke my server. It uploaded the site but then when redirecting to the SSL site it didn’t work.

I think I used this before for the crt file:

openssl x509 -outform der -in your-cert.pem -out your-cert.crt

For the private key I can’t remember if I just renamed it or tried something from this stackoverflow question:

This would be awesome!

Especially because letsencrypt requires a downtime of the Meteor server to check if the domain is in your property, which it does on port 80. This is not a big issue on the first certificate creation, where you typically have your server in production yet. But if you’re extending your certificate afterwards (e.g. I did so to get an additional cert for my staging server), any downtime is not desirable. It would be perfect if mupx could keep that downtime at least as short as possible.

You can use .pem with mupx, I did not have any problems with that. Just make sure you’re using the fullchain .pem as the cert, and the private key .pem as the key.


You are right! Both .pem and .crt/.key work.

The issue seems to be that a long time ago I first tried to set up with mup before doing it with mupx since mup wasn’t working. MUP created an opt/something folder, which is no longer used in mupx. mup has a known issue when deploying certificates with that folder available. The solution for me was to simply create a new app with a new appName, which creates a new docker container I guess. An alternative solution is to get rid of that specific opt folder, which I couldn’t find though, which is why I simply used a new appName in my mup.json file

Don’t forget to stop the old app before starting and deploying a new app.

create file this suports :slight_smile: and setting mup.json
"ssl": {
“pem”: “./”

I’m having problems having this to work with together with the meteorhacks:cluster package.
does anyone managed to get this working?

If using the browzer-policy package does one need to add extra exceptions?


For anyone interested, I worked a bit this weekend on the integration of Let’s Encrypt in MeteorUp. Feel free to contribute to the PRs. Here the two pull requests!

Thank you,


the solved issue is here:

As I couldn’t make it work with stud, I end up using Nginx for that. It seems to be working fine now.
I guess I should switch to mupx which uses Nginx anyway.

Hello, I’m using this more nginx to proxy the meteor port to the port 80/443.

There are any way to remove nginx ? I can’t run meteor on port 80 because I have a few apps runing on the same server, that why I need nginx.


Do you have any cronjob sample for this?

1 Like

I’m attempting to try this on my prod server.

I can’t do this on my test server (I don’t own the domain name there) so I’m a little nervous.

Just a few questions,

  • if it all goes pear shape, how do I revert out of this? Do I just need to do “meteor deploy” again without the SSL stuff in mup.json?
  • I have another prod server that I plan to do this in the future, and it consists of a whole bunch of meteor apps all being served from port 80 using nginx. Will this process just SSH all of my sites on this server? And do I need to make changes to my nginx config to let in 443?
  • Someone already asked this but can someone post a sample of crontab job?

I’m just reading up on this myself, but here are some answers from what I understand.

  1. Adding the SSL values in mup.json simply gets mup to use an additional front-end nginx server in front of the same bundled app you had before adding SSL. So yes, I would think you can revert your mup.json to remove the SSL key, do “mup deploy”, and get back your old deployment. mup also has a mechanism for falling back to a previous deployment in case the current deployment fails.

  2. For similar reasons, unless your 2nd prod server somehow uses mup to set up nginx, you probably need to configure your nginx separately from mup. In that case I think you wouldn’t need to set up SSL for each individual app, assuming they’re all under the same domain.

  3. The cron job solution is typically recommended for installations that are able to use the “webroot” option, which allows the cert to be issued without starting and stopping the server. So, a cron job may not make sense for the manual process discussed in this thread, where you need to stop and re-run mup deploy.

Again, this is all pretty new to me so anyone feel free to provide more info. Good luck, let us know how it goes!

is it or ssl.pem ?

Not sure it matters. Whatever you named the file