Sites without HTTPS get flagged "Not Secure" by browsers and rank worse in search. The good news: Let's Encrypt provides completely free SSL certificates, and you can enable HTTPS in minutes. This guide uses Nginx + Certbot.

1. Why HTTPS Is a Must

  • Browsers label HTTP sites "Not Secure", scaring visitors away.
  • Google explicitly treats HTTPS as a ranking signal; unencrypted sites lose out.
  • Payments and logins leak data without HTTPS.

2. Prerequisites

  • A VPS with a public IP and Nginx installed.
  • A domain whose A record already points to the VPS IP (issuance verifies domain ownership).
  • Firewall allowing ports 80 and 443.

3. Install Certbot and Issue the Certificate

On Ubuntu:

  • Install: apt install certbot python3-certbot-nginx
  • Issue and auto-configure Nginx: certbot --nginx -d example.com -d www.example.com
  • Follow the prompts for email and terms, and choose to auto-redirect HTTP to HTTPS (recommended).

4. Automatic Renewal

Let's Encrypt certificates last 90 days, but Certbot installs a timer to renew automatically. Verify with certbot renew --dry-run — no errors means renewal works, and you never have to touch it again.

5. Common Issues

  • Issuance fails: usually the domain isn't pointing to this host, or port 80 is taken/blocked by the firewall.
  • Still shows "Not Secure": hard-refresh to clear cache, and make sure no http:// images/scripts remain on the page (mixed content).