Have you seen the "Not secure" warning in your browser's address bar? Your visitors see it too, and many leave right then. The way to remove that warning is to install an SSL certificate. The good news: it is now free and takes a few minutes.An SSL certificate encrypts traffic between the browser and your server. Passwords, form data, and cookies cannot be read in transit. It also verifies that the site truly belongs to you. This guide walks through the practical steps for moving to HTTPS from scratch.
Why you need an SSL certificate
HTTPS is no longer a luxury but a basic requirement. Google uses HTTPS as a ranking signal. Browsers clearly flag sites without encryption. For any site that accepts payments or logins, an encrypted connection has become mandatory.On an unencrypted connection, anyone in the middle can read all data as plain text. An SSL certificate removes that risk. A password the visitor types stays encrypted until it reaches your server. This trust directly affects conversion rates too.Among certificate types, domain validated ones are the most common. For small and mid-sized sites this type is more than enough. Those who want wider coverage can look at wildcard or multi-domain certificates.
A free certificate with Let's Encrypt
Getting an SSL certificate used to cost money and effort. Let's Encrypt changed that. This nonprofit authority issues free, automated certificates to everyone. Millions of sites rely on this infrastructure today.Let's Encrypt certificates are valid for 90 days. This short window is intentional; it encourages automation and lowers risk. The setup tool handles renewal for you. The official getting started docs explain the whole process in detail.To get the certificate, your domain must point to your server. If your DNS record is correct and port 80 is open, validation takes seconds. So check your DNS settings before you begin the install.
Installing certbot and nginx
Certbot is the easiest way to install Let's Encrypt certificates. It installs on your server, validates the domain, and updates your nginx configuration automatically. On Ubuntu the install runs through these steps.
sudo apt update sudo apt install certbot python3-certbot-nginx sudo certbot --nginx -d example.com -d www.example.com
When the last command runs, certbot asks you a few questions. It wants your email and whether you want to redirect HTTP to HTTPS. Choosing the redirect is recommended. That way visitors move to the secure version automatically.Once certbot finishes, your nginx configuration is updated. The certificate files land on your server and port 443 starts listening. When you open your site in a browser, you now see the lock icon.
Setting up automatic renewal
Your certificate must renew every 90 days. Tracking that by hand is both tedious and risky. Certbot adds a systemd timer during installation. This timer runs twice a day and renews certificates that are close to expiring.To test that renewal works, you can run a dry run:
sudo certbot renew --dry-run
This command simulates the whole process without making a real renewal. If it finishes without errors, automatic renewal is ready. If you want to check the timer status, the command below does the job.
CommandWhat it does
certbot renew --dry-run | Tests renewal without making real changes
systemctl list-timers | Shows the scheduled renewal task
certbot certificates | Lists installed certificates and expiry dates
HSTS and mixed content issues
You moved to HTTPS, but the job is not done yet. Two more things need handling. The first is the HSTS header, the second is mixed content warnings.HSTS tells the browser to open your site only over HTTPS. That way even the first unencrypted request is blocked. You add the line below to your nginx server block. Only take this step after you confirm HTTPS works without issues.
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
Mixed content is when the page loads over HTTPS but some of its resources come from HTTP. Images, scripts, or styles cause this. The browser then hides the lock icon or blocks the resource. The fix is to switch every link to HTTPS.
- Change hardcoded HTTP links in themes and plugins to HTTPS.
- Bulk update old URLs stored in your database.
- Replace external resources with their HTTPS versions.
- Clear mixed content warnings in the browser console one by one.
Moving to secure infrastructure
SSL certificate setup takes minutes on the right server. But it needs an environment where you can reach ports 80 and 443 and have root access. On shared hosting that flexibility often is not there.At Kritm Cloud Solutions, our Turkey-based VPS and cloud servers give you full control. You install certbot, configure nginx, and set HSTS headers however you like. Your custom software projects get a secure foundation too. Take a look at our cloud solutions, or get in touch for setup support.In short, an SSL certificate is now essential for your site's security and reputation. Let's Encrypt and certbot make it free and automatic. Install the certificate, verify auto-renewal, add HSTS, and clear mixed content. That way your visitors never see the "Not secure" warning again.