Sites without HTTPS get flagged "Not Secure" by browsers and rank worse in search. The good news: Let's Encrypt provides completely free SSL certificates, and you can enable HTTPS in minutes. This guide uses Nginx + Certbot.
1. Why HTTPS Is a Must
- Browsers label HTTP sites "Not Secure", scaring visitors away.
- Google explicitly treats HTTPS as a ranking signal; unencrypted sites lose out.
- Payments and logins leak data without HTTPS.
2. Prerequisites
- A VPS with a public IP and Nginx installed.
- A domain whose A record already points to the VPS IP (issuance verifies domain ownership).
- Firewall allowing ports 80 and 443.
3. Install Certbot and Issue the Certificate
On Ubuntu:
- Install: apt install certbot python3-certbot-nginx
- Issue and auto-configure Nginx: certbot --nginx -d example.com -d www.example.com
- Follow the prompts for email and terms, and choose to auto-redirect HTTP to HTTPS (recommended).
4. Automatic Renewal
Let's Encrypt certificates last 90 days, but Certbot installs a timer to renew automatically. Verify with certbot renew --dry-run — no errors means renewal works, and you never have to touch it again.
5. Common Issues
- Issuance fails: usually the domain isn't pointing to this host, or port 80 is taken/blocked by the firewall.
- Still shows "Not Secure": hard-refresh to clear cache, and make sure no http:// images/scripts remain on the page (mixed content).