HTTPS

In this article, we’ll dive into HTTPS—what it is, why it matters, and how to implement it to secure your website and boost SEO.

Why HTTPS Matters

1. Security

When you access a website via HTTPS, all communication between your browser and the server is encrypted. On an unencrypted connection (HTTP), anyone on the same network—such as a coffee shop Wi-Fi—could intercept your passwords, credit-card numbers, or personal details.

  • With HTTP, data is sent in plain text. An attacker can easily read it.
  • With HTTPS, intercepted data is encrypted and unreadable.

2. SEO Benefits

Search engines like Google prioritize secure sites in search rankings. Enabling HTTPS not only protects user data but also improves your site’s visibility and trustworthiness.

SSL and TLS Protocols

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols that secure data in transit. Although we still colloquially call them “SSL certificates,” modern sites use TLS under the hood.

SSL vs TLS: A Quick Comparison

| Protocol | Status      | Typical Use Case              |
|----------|-------------|-------------------------------|
| SSL      | Deprecated  | Legacy or unsupported systems |
| TLS 1.2  | Widely Used | Production environments       |
| TLS 1.3  | Recommended | Best performance and security |

How TLS Works: A Checkout Example

Imagine you’re on an e-commerce checkout page and submit your name, address, and credit-card details. TLS protects this process in four steps:

  1. Connection Initiation
    Your browser connects to the server over HTTPS.

  2. Certificate Exchange
    The server responds by sending its TLS certificate, which includes its public key and identity details.

  3. Certificate Authority (CA)
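    The certificate is signed by a trusted CA (such as Let’s Encrypt, DigiCert, or Comodo), which verified the domain owner before issuing it. Your browser checks that signature against the CAs it already trusts.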

  4. Domain Verification
    Your browser checks that the certificate matches the domain (e.g., https://onlinestore.com), ensuring you’re communicating with the real site.

Asymmetric Encryption Explained

TLS employs asymmetric encryption (public-key cryptography), similar to SSH. A public key encrypts data, and only the corresponding private key can decrypt it.

  1. The server publishes its public key (an “open padlock”) to your browser.
  2. Your browser encrypts sensitive data—like credit-card details—using that public key.

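  3. The server applies its private key to decrypt the data, keeping it secure even if intercepted.

This is a simplified picture. In a real TLS session, the key pair is used to authenticate the server and to agree on a shared session key, and that symmetric key encrypts the data sent in both directions.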

Obtaining TLS Certificates

Choose a tool and provider based on your environment:

| Tool    | Provider      | Best For                         |
|---------|---------------|----------------------------------|
| Certbot | Let’s Encrypt | Free, automated production certs |
| mkcert  | Self-signed   | Local development and testing    |

1. Let’s Encrypt + Certbot

Certbot is an ACME client that automates issuance and renewal of free TLS certificates from Let’s Encrypt.

sudo apt update
sudo apt install certbot

sudo certbot certonly \
  --standalone \
  --preferred-challenges http \
  -d example.com \
  -d www.example.com

Note

Certbot creates a daily cron job for automatic renewal. Ensure ports 80 and 443 are available.

Certificates are saved at:

  • /etc/letsencrypt/live/example.com/fullchain.pem
  • /etc/letsencrypt/live/example.com/privkey.pem
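
Before pointing Nginx at a certificate and key, it helps to confirm that the key matches the certificate, that the certificate covers the host name (the check described under Domain Verification), and that it is not about to expire. The script below is an added example, not part of the original page; it assumes the OpenSSL command-line tool, and `check_cert_pair`, `make_pair` and the sample host names are illustrative.

```sh
#!/bin/sh
# Added example, not from the original page. Assumes the OpenSSL command-line tool.
# check_cert_pair CERT KEY HOST prints each failed check; returns 0 only if all pass.
check_cert_pair() {
    cert=$1; key=$2; host=$3; bad=0
    # 1. The private key must belong to the public key inside the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null || true)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null || true)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "private key does not match certificate"; bad=1
    fi
    # 2. The certificate must name the host, the same check the browser performs.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q 'does match' || { echo "certificate does not cover $host"; bad=1; }
    # 3. The certificate must not expire within the next 7 days (604800 seconds).
    openssl x509 -in "$cert" -noout -checkend 604800 >/dev/null 2>&1 ||
        { echo "certificate expires within 7 days"; bad=1; }
    return "$bad"
}

# Constructed sample: throwaway self-signed pairs for placeholder host names.
tmp=$(mktemp -d)
make_pair() {   # make_pair NAME DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=$1" \
        -keyout "$tmp/$1.key" -out "$tmp/$1.pem" 2>/dev/null
}
make_pair example.com 90
make_pair other.test 90
check_cert_pair "$tmp/example.com.pem" "$tmp/example.com.key" example.com &&
    echo "example.com pair: ok"
```

These checks cover the pair itself, not the chain of trust; a self-signed sample passes them even though no browser would trust it.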

2. mkcert (Self-Signed for Local Testing)

mkcert sets up a local CA and issues certificates trusted by your development machine. Not suitable for production.

sudo apt update
sudo apt install mkcert

# Change to your certificates directory
cd /etc/ssl/private

# Install mkcert’s local CA
mkcert --install

# Generate a wildcard certificate for *.example.com (quoted so the shell does not expand the *)
mkcert "*.example.com"

Warning

Self-signed certificates from mkcert won’t be trusted by remote browsers or services. Use only for local development.

Configuring Nginx for HTTPS

Once you have your certificate and private key, update your Nginx server block to listen on port 443:

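server {
    # Accept TLS connections on the standard HTTPS port
    listen 443 ssl;
    server_name honda.cars.com;

    # Certificate sent to the browser, and the matching private key
    ssl_certificate     /etc/ssl/certs/honda.cars.com.pem;
    ssl_certificate_key /etc/ssl/certs/honda.cars.com-key.pem;

    root  /var/www/honda.cars.com/html;
    index index.html;

    location / {
        # Serve the requested file or directory, otherwise return 404
        try_files $uri $uri/ =404;
    }
}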

Reload Nginx and verify your site at https://honda.cars.com.
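
The server block above leaves the accepted TLS versions to the nginx default and does not configure port 80. The script below is an added example, not part of the original page: it checks a config file against the comparison table (no deprecated protocol versions) and against two assumptions of this example, an HTTP-to-HTTPS redirect and a private key kept out of /etc/ssl/certs. `audit_tls_conf` and both sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original page; both sample configs are constructed.
# audit_tls_conf FILE prints one finding per line and returns 0 only when clean.
audit_tls_conf() {
    body=$(sed 's/#.*//' "$1")   # ignore commented-out directives
    n=0
    flag() { printf '%s\n' "$1"; n=$((n + 1)); }
    protos=$(printf '%s\n' "$body" | grep -Eo 'ssl_protocols[^;]*' || true)
    if [ -z "$protos" ]; then
        flag "ssl_protocols not set: accepted versions depend on the nginx default"
    elif printf '%s\n' "$protos" | grep -Eq 'SSLv[23]|TLSv1(\.1)?([[:space:]]|$)'; then
        flag "deprecated protocol enabled: $protos"
    fi
    printf '%s\n' "$body" | grep -Eq 'return[[:space:]]+30[18][[:space:]]+https://' ||
        flag "no HTTP-to-HTTPS redirect found"
    # /etc/ssl/certs is world-readable on Debian/Ubuntu; keys belong in /etc/ssl/private.
    printf '%s\n' "$body" | grep -Eq 'ssl_certificate_key[[:space:]]+/etc/ssl/certs/' &&
        flag "private key path is under /etc/ssl/certs"
    [ "$n" -eq 0 ]
}

demo_dir=$(mktemp -d)
# Constructed sample 1: the TLS directives of the server block shown above.
cat > "$demo_dir/basic.conf" <<'EOF'
server {
    listen 443 ssl;
    server_name honda.cars.com;
    ssl_certificate     /etc/ssl/certs/honda.cars.com.pem;
    ssl_certificate_key /etc/ssl/certs/honda.cars.com-key.pem;
}
EOF
# Constructed sample 2: TLS versions pinned, port 80 redirected, key relocated.
cat > "$demo_dir/hardened.conf" <<'EOF'
server {
    listen 80;
    server_name honda.cars.com;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name honda.cars.com;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_certificate     /etc/ssl/certs/honda.cars.com.pem;
    ssl_certificate_key /etc/ssl/private/honda.cars.com-key.pem;
}
EOF
audit_tls_conf "$demo_dir/basic.conf"    || echo "basic.conf: see findings above"
audit_tls_conf "$demo_dir/hardened.conf" && echo "hardened.conf: no findings"
```

On a live server the same function can be pointed at a file holding the output of `nginx -T`, which prints the full effective configuration.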
