2 min read

How to Configure SSL with Let’s Encrypt Without Breaking Your Site

A practical SSL guide for Let's Encrypt that helps you enable HTTPS safely, avoid redirect loops, and keep your site working during the switch.

If you want the safest path, configure SSL with Let’s Encrypt only after your site already loads correctly over HTTP. That makes validation easier, reduces redirect mistakes, and gives you a clean point to troubleshoot from.

The safe order of operations

  1. make sure the site works over HTTP
  2. confirm the domain points to the correct server
  3. run Certbot
  4. test HTTPS
  5. only then enforce redirects

Step 1: Check the DNS and HTTP site first

Before using Let’s Encrypt, confirm the domain already resolves to the right server and your Nginx site answers on port 80.

Step 2: Install Certbot

sudo apt update
sudo apt install -y certbot python3-certbot-nginx

Step 3: Request the certificate

sudo certbot --nginx -d example.com -d www.example.com

Certbot can update the Nginx config automatically, which is usually the fastest and safest option for standard setups.

Step 4: Test the HTTPS site before forcing everything

Open both:

  • https://example.com
  • https://www.example.com

Make sure the site loads correctly and assets are not broken.

Step 5: Confirm redirection behavior

You usually want one canonical HTTPS hostname. That means deciding between:

  • https://example.com
  • https://www.example.com

Then redirect the other version to it consistently.

Step 6: Avoid redirect loops

Redirect loops usually happen when:

  • Nginx redirects incorrectly
  • the app forces HTTPS differently than Nginx
  • WordPress or app URL settings do not match the live URL

Step 7: Test renewal

sudo certbot renew --dry-run

This takes almost no time and saves you from certificate surprises later.

Common things that break when enabling SSL

  • mixed content from hardcoded HTTP assets
  • redirect loops
  • wrong canonical URL in the app
  • forgotten www or non-www host
  • forcing HTTPS before the certificate is actually working

What to check if the site breaks after SSL

  • Nginx config
  • Certbot output
  • browser console for mixed content
  • application base URL settings
  • renewal test

Useful next reads

If the site fails with permissions or root-path issues after the move, read How to Fix 403 Forbidden After Changing Your Document Root. If you are securing a brand-new server, also read How to Secure a Fresh Ubuntu Server Before Going Live.

Quick FAQ

Should I force HTTPS immediately?

Only after confirming HTTPS already works correctly.

Can Certbot edit Nginx automatically?

Yes, and for standard setups that is often the fastest path.

How do I know renewals are safe?

Run certbot renew --dry-run and check the result before you forget about it.

Linux Mar 28, 2026
Previous
How to Set Correct Linux Permissions for Web Projects
Next
How to Become a Web Developer in 2026 Without a Computer Science Degree