One of the final and most important steps when launching a website or web application is enabling HTTPS. Whether you’re hosting a WordPress website, a Spring Boot application, a Laravel project, or a custom-built platform, securing your domain with an SSL certificate is no longer optional. Modern browsers actively warn visitors when a website is not secure, and search engines favour websites that use HTTPS.
The good news is that you no longer need to purchase an SSL certificate for most websites. Let’s Encrypt provides free, trusted SSL certificates that can be installed in just a few minutes. During a recent deployment of a Spring Boot application on Ubuntu 24.04, the SSL setup turned out to be one of the quickest parts of the entire deployment process. Once the application and Nginx were working correctly, enabling HTTPS took only a few commands.
In this guide, we’ll walk through the process of installing and configuring a Let’s Encrypt SSL certificate on an Ubuntu VPS running Nginx.
Why HTTPS Is a Must
HTTPS encrypts the communication between your visitors and your server. This protects login credentials, personal information, payment data, and other sensitive information from being intercepted while in transit.
Beyond security, HTTPS has become the standard for professional websites. Browsers such as Chrome, Firefox, and Edge display warnings when visitors access websites that do not use SSL. In many cases, this can reduce trust and negatively impact conversions, registrations, or sales.
Search engines also consider HTTPS as a ranking signal, making SSL important from both a security and SEO perspective.
Before Installing an SSL Certificate
Before requesting a certificate from Let’s Encrypt, make sure the following requirements are met:
- Your domain name points to your VPS.
- Nginx is installed and serving your website correctly.
- The website is accessible over HTTP.
- Port 80 is open and reachable from the internet.
You should be able to visit:
http://yourdomain.com
And see your website loading successfully before moving on to SSL configuration.
Installing Certbot on Ubuntu
Let’s Encrypt certificates are managed using a tool called Certbot. On Ubuntu, installation is straightforward.
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
The Nginx plugin allows Certbot to automatically verify domain ownership and update your Nginx configuration with the required SSL settings.
Requesting a Let’s Encrypt Certificate
Once Certbot is installed, request a certificate using the following command:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Replace the example domains with your actual domain name.
Certbot will ask for your email address; this is used only for renewal reminders if something goes wrong, and ask you to agree to the terms of service. It then contacts the Let’s Encrypt servers, completes the domain validation automatically, and issues the certificate. Once issued, it modifies your Nginx configuration on its own: it adds the HTTPS server block, points it to the new certificate files, and inserts a redirect so that any visitor arriving over plain HTTP is automatically sent to the HTTPS version. You do not need to edit the Nginx configuration manually.
Reload Nginx to apply the changes:
sudo systemctl reload nginx
Open your domain in a browser. You should see the padlock icon in the address bar. That is it — your site is now running on HTTPS.
To verify the certificate details and confirm automatic renewal is active:
certbot certificates sudo systemctl status certbot.timer
Run a renewal dry run to make sure the auto-renewal process will work when the time comes:
One of the biggest advantages of Let’s Encrypt is automatic renewal. Certificates are valid for 90 days, but Certbot automatically renews them before they expire.
You can test the renewal process with:
sudo certbot renew --dry-run
If the test completes successfully, no further action is usually required. Future renewals will happen automatically in the background.
Once the process completes, visit your website using HTTPS:
https://yourdomain.com
If everything is configured correctly, your browser should display a secure padlock/secure icon next to the domain name.
If You Are Using Cloudflare, Get the SSL Mode Right
Once the certificate is installed and HTTPS is confirmed working, you can enable Cloudflare’s proxy (the orange cloud). But before you do, there is one setting that trips up a lot of people: the SSL mode in the Cloudflare dashboard.
Go to SSL/TLS → Overview in your Cloudflare dashboard. You will see four options;
- Off
- Flexible
- Full, and
- Full (Strict).
– Many people leave it on Flexible because it sounds like it should be fine. It is not.
Flexible mode means Cloudflare encrypts the connection between the visitor’s browser and Cloudflare, but then sends traffic from Cloudflare to your server over plain HTTP. This completely defeats the point of the certificate you just installed. Worse, because your Nginx is now configured to redirect HTTP to HTTPS, Flexible mode will cause an infinite redirect loop; the browser keeps getting bounced back and forth, and the page never loads.
Set it to Full (Strict). This tells Cloudflare to communicate with your origin server over HTTPS and to validate the certificate. Since you have a valid Let’s Encrypt certificate in place, this works perfectly and gives you genuine end-to-end encryption, from the visitor’s browser through Cloudflare, all the way to your server.
This applies whether you are running WordPress, a Spring Boot application, a Node.js app, or anything else. The SSL mode is about how Cloudflare talks to your server, not about what is running on it. Full (Strict) is always the correct choice when you have a real certificate installed on the origin.
Is Let’s Encrypt Really Free?
Yes. Let’s Encrypt certificates are completely free and trusted by all major browsers and operating systems.
For most websites, blogs, online stores, APIs, and business applications, there is no practical reason to purchase a commercial SSL certificate. Let’s Encrypt has become the industry standard for securing modern websites.
Will SSL Slow Down My Website?
This is a common concern, but for modern servers, the impact is negligible. Today’s processors handle SSL encryption extremely efficiently.
In many cases, websites may actually benefit from HTTPS because it enables newer web technologies such as HTTP/2 and HTTP/3, which can improve overall performance and user experience.
For most VPS deployments, visitors will not notice any difference in loading speed after SSL is enabled.
Final Thoughts
Installing a Let’s Encrypt SSL certificate on an Ubuntu VPS is one of the simplest improvements you can make to your website’s security. The entire process typically takes less than ten minutes once your domain and Nginx configuration are already working.
Whether you’re running a WordPress website, a custom application, an eCommerce store, or a Spring Boot platform, HTTPS should be considered a standard part of every production deployment. A free Let’s Encrypt certificate combined with Cloudflare’s Full (Strict) SSL mode provides a secure, professional, and future-proof foundation for almost any website.
Disclaimer: Portions of this content were enhanced with the assistance of AI Tools.
