ShortIQ

ShortIQ

LoginGet Started

Deployment

How to Deploy a MERN App With SSL on Ubuntu

A production MERN deployment guide with HTTPS, Nginx, PM2, MongoDB environment variables, and SSL setup using Let’s Encrypt.

April 20, 2026ShortIQ Editorial Team

Advertisement

What SSL Changes in a MERN Deployment

Adding SSL means your MERN stack is no longer only about app and API routing. You also need a secure public edge that can terminate HTTPS, renew certificates reliably, and proxy traffic correctly to the backend. On Ubuntu, Nginx plus Certbot is the most practical path for many teams.

The clean production model is to serve the React frontend through Nginx, proxy API traffic to the Express backend, and let Certbot manage TLS certificates for the public domain.

Prepare the Backend and Frontend First

Before touching certificates, make sure the backend runs behind PM2 and the frontend build is already deployed. SSL should come after the stack is working over HTTP, not before.

bash
cd /var/www/mern-app/backend
npm install
pm2 start npm --name "mern-api" -- start

cd /var/www/mern-app/frontend
npm install
npm run build
env
PORT=5000
NODE_ENV=production
MONGO_URI=mongodb://127.0.0.1:27017/myapp
CLIENT_URL=https://example.com
JWT_SECRET=replace-this-with-a-strong-secret

Set Up Nginx for Frontend and API

You need one Nginx server block that serves the frontend and routes /api to the backend. Get this working over HTTP first. Once that passes, SSL becomes much easier to layer on top.

nginx
server {
    listen 80;
    server_name example.com www.example.com;

    root /var/www/mern-app/frontend/dist;
    index index.html;

    location / {
        try_files $uri /index.html;
    }

    location /api/ {
        proxy_pass http://127.0.0.1:5000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
bash
sudo nano /etc/nginx/sites-available/mern-app
sudo ln -s /etc/nginx/sites-available/mern-app /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx

Issue the SSL Certificate With Certbot

Once the domain is serving correctly, install Certbot and let it update the Nginx config. This is the simplest path for HTTPS on Ubuntu.

bash
sudo apt install -y certbot python3-certbot-nginx
sudo certbot --nginx -d example.com -d www.example.com
sudo certbot renew --dry-run
  • Issue certificates only after the domain resolves correctly
  • Use dry-run renewal as part of the setup, not later

Common SSL Problems in MERN Apps

One common problem is mixed content, where the frontend is on HTTPS but the API base URL still points to HTTP. Another is incorrect CLIENT_URL or CORS configuration in the backend, which can break auth or API access after SSL is enabled.

If the certificate issues successfully but the app still behaves strangely, review the frontend API URL, backend allowed origins, and Nginx proxy headers before assuming the certificate itself is the problem.

bash
pm2 logs mern-api
sudo tail -f /var/log/nginx/error.log
sudo nginx -t

What to Keep in the Deployment Checklist

For long-term reliability, keep SSL renewal, PM2 process health, Nginx status, and environment variables in the same deployment checklist. Production stability usually comes from discipline more than tooling variety.

  • PM2 process is running
  • Frontend build is current
  • API base URL is HTTPS-safe
  • Certbot renewal passes
  • Nginx config test passes before reload

FAQ

Can I deploy a MERN app with SSL on one Ubuntu server?

Yes. Many teams host the frontend, backend, and even MongoDB on one Ubuntu server initially, with Nginx handling HTTPS.

Should I install SSL before the app works on HTTP?

No. It is much safer to get the app working on HTTP first, then add SSL once routing is confirmed.

Why does my MERN frontend show mixed content after SSL?

Usually because the frontend still calls an HTTP API URL instead of the HTTPS domain.

Does Certbot work well with Nginx for MERN apps?

Yes. Certbot with the Nginx plugin is one of the easiest ways to add HTTPS on Ubuntu.

Do I need PM2 if the frontend is static?

Yes, for the backend API. The React frontend can be served statically, but the Express API still needs process management.

Related free tools

If you want to turn this topic into action, use one of ShortIQ's free tools for campaign planning, UTM structure, or QR distribution.

Continue Reading

Explore more guides on link shortener SaaS strategy, Bitly alternatives, and white label link management.