Properly run FastAPI uvicorn+gunicorn with HTTPS

To run the FastAPI on HTTPS: edit systemctl service file of your app service. On Ubuntu, those files located at (/etc/systemd/system/)
If you don’t remember where you put the service file of your app – just run the systemctl status command: systemctl status appname
systemctl status appname

systemctl status appname

Add two arguments related to the SSL certificate to the execute command: --certfile="/etc/letsencrypt/live/yourdomain/fullchain.pem" --keyfile="/etc/letsencrypt/live/yourdomain/privkey.pem"

This is what the service file looks like:

uvicorn gunicorn run command on systemd service file
uvicorn gunicorn run command on systemd service file


Pay the maximum attention to the first cert attribute –


on most guides recommended putting a link to your “cert.pem” file. However the right technique would be putting a link to fullchain.pem file. Otherwise, you will end up with an “unable to verify the first certificate” error. All cert files located under /etc/letsencrypt/live/yourdomain Why? For example, the certbot has added this code to my nginx.conf file(located under /etc/nginx/conf.d/):

fullchain under nginx configuration file
fullchain under Nginx configuration file

You can find your cert keys by visiting letsencrypt folder. The above example is working on Vultr VPN, Ubuntu 20.04 TLS, Nginx, my uvicorn running under gunicorn, SSL was auto-generated with certbot.


The reason why I transferred my FastAPI project to HTTPS – is to enable the Paddle payment gateway. All of their requests should be passed to HTTPS pages, only.

These tips I have applied to my microservice project. If you’re testing your project locally, you might be interested in this post on how I’ve been running Django under a local machine.

Leave a Comment