How to Redirect HTTP to HTTPS on Linux with Nginx (Complete Guide)

Securing your website with HTTPS is no longer optional — it is a fundamental requirement for protecting user data, maintaining trust, and achieving strong SEO rankings. Search engines like Google actively penalize unencrypted HTTP sites, while modern browsers flag them as "Not Secure." Redirecting all HTTP traffic to HTTPS ensures every visitor reaches the encrypted version of your site automatically, without any manual intervention.

This comprehensive guide walks you through the entire process: understanding the difference between HTTP and HTTPS, installing a free SSL certificate via Let's Encrypt, configuring a permanent 301 redirect in Nginx, and verifying everything works correctly on your Linux server.

Table of Contents

1. HTTP vs. HTTPS: What's the Difference?
2. Prerequisites
3. Step 1: Install an SSL Certificate with Let's Encrypt
4. Step 2: Configure Nginx to Redirect HTTP to HTTPS
5. Step 3: Test Your Nginx Configuration
6. Step 4: Reload Nginx to Apply Changes
7. Step 5: Verify the Redirect Is Working
8. Common Issues and Troubleshooting
9. Conclusion

1. HTTP vs. HTTPS: What's the Difference? {#http-vs-https}

Before diving into the configuration, it is important to understand why this redirect matters.

HTTP (Hypertext Transfer Protocol)

HTTP is the foundational protocol used to transmit data between a web browser and a server. However, it transmits all data in plain text, meaning any information — login credentials, payment details, personal data — can be intercepted by attackers using a man-in-the-middle (MITM) attack. HTTP offers no encryption, authentication, or data integrity guarantees.

HTTPS (HTTP Secure)

HTTPS is the secure extension of HTTP. It wraps the standard HTTP protocol inside SSL/TLS encryption, creating an encrypted tunnel between the client and server. This ensures:

• Confidentiality — Data cannot be read by third parties in transit.
• Integrity — Data cannot be tampered with during transmission.
• Authentication — Users can verify they are communicating with the legitimate server.
• SEO Advantage — Google uses HTTPS as a ranking signal, giving secure sites a measurable edge.
• Browser Trust — Chrome, Firefox, and Edge display a padlock icon for HTTPS sites and a "Not Secure" warning for HTTP sites.

The bottom line: running a website without HTTPS in today's environment is a serious security and business risk.

2. Prerequisites {#prerequisites}

Before following this guide, ensure you have the following in place:

• A Linux server (Ubuntu 20.04/22.04, Debian 11/12, or similar) running Nginx
• A registered domain name pointed to your server's IP address
• Root or sudo access to your server
• Basic familiarity with the Linux command line

If you are looking for a reliable server environment to host your website, VPS Hosting from AlexHost provides fully managed and unmanaged Linux VPS plans optimized for web applications, with SSD storage and high-availability networking.

You will also need a valid SSL certificate. This guide uses the free Let's Encrypt certificate authority via Certbot. If you require an extended validation (EV) or organization-validated (OV) certificate for business use, consider exploring SSL Certificates from AlexHost.

3. Step 1: Install an SSL Certificate with Let's Encrypt {#install-ssl}

Let's Encrypt is a free, automated, and open certificate authority. Certbot is the official client that automates the process of obtaining and renewing SSL/TLS certificates from Let's Encrypt and configuring your web server.

Install Certbot and the Nginx Plugin

Update your package index and install Certbot along with the Nginx plugin:

sudo apt update
sudo apt install certbot python3-certbot-nginx -y

Obtain and Install Your SSL Certificate

Run Certbot with the --nginx flag to automatically obtain a certificate and configure Nginx to use it:

sudo certbot --nginx -d example.com -d www.example.com

Replace example.com with your actual domain name. Certbot will:

1. Verify domain ownership via an ACME challenge
2. Obtain a signed certificate from Let's Encrypt
3. Automatically modify your Nginx configuration to enable HTTPS on port 443
4. Optionally set up automatic HTTP-to-HTTPS redirection (you can skip this step in Certbot and configure it manually as shown below for full control)

Enable Automatic Certificate Renewal

Let's Encrypt certificates expire every 90 days. Certbot installs a systemd timer or cron job to handle renewals automatically. Verify it is active:

sudo systemctl status certbot.timer

You can also perform a dry-run renewal test:

sudo certbot renew --dry-run

4. Step 2: Configure Nginx to Redirect HTTP to HTTPS {#configure-nginx}

With your SSL certificate installed, you now need to configure Nginx to permanently redirect all HTTP (port 80) traffic to HTTPS (port 443). This is done using a 301 Moved Permanently redirect, which is the correct redirect type for SEO — it passes link equity to the HTTPS version of your pages.

Open Your Nginx Server Block Configuration

Nginx site configurations are typically stored in /etc/nginx/sites-available/. Open the configuration file for your domain:

sudo nano /etc/nginx/sites-available/example.com

Configure the HTTP-to-HTTPS Redirect Block

Your configuration file will contain one or more server blocks. Locate the block that listens on port 80 (HTTP) and replace or update it with the following redirect rule:

server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Permanently redirect all HTTP requests to HTTPS
    return 301 https://$host$request_uri;
}

Your HTTPS server block (port 443), which Certbot likely configured automatically, should look similar to this:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /var/www/example.com/html;
    index index.html index.php;

    location / {
        try_files $uri $uri/ =404;
    }
}

> Why use return 301 instead of rewrite?

> The return 301 directive is faster and more efficient than a rewrite rule. It immediately returns the redirect response without requiring Nginx to process additional location blocks, reducing server overhead and improving response time.

Understanding the Redirect Directive

5. Step 3: Test Your Nginx Configuration {#test-nginx}

Never reload or restart Nginx without testing your configuration first. A syntax error in your configuration file will cause Nginx to fail to start, taking your website offline.

Run the built-in Nginx configuration test:

sudo nginx -t

A successful test produces the following output:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

If you see any errors, carefully review the output. Nginx will indicate the file and line number where the problem was detected. Common issues include:

• Missing semicolons at the end of directives
• Unclosed curly braces {}
• Incorrect file paths for SSL certificates
• Duplicate server_name entries

Fix any reported errors before proceeding.

6. Step 4: Reload Nginx to Apply Changes {#reload-nginx}

Once the configuration test passes, reload Nginx to apply your changes. Using reload instead of restart is preferred because it applies the new configuration gracefully without dropping active connections:

sudo systemctl reload nginx

To confirm Nginx is running correctly after the reload:

sudo systemctl status nginx

You should see active (running) in the output.

7. Step 5: Verify the Redirect Is Working {#verify-redirect}

With Nginx reloaded, it is time to confirm that the redirect is functioning correctly.

Method 1: Browser Test

1. Open your web browser.
2. Navigate to http://example.com (using HTTP, not HTTPS).
3. Observe that the browser automatically redirects you to https://example.com.
4. Confirm the padlock icon appears in the address bar, indicating a valid SSL connection.

Method 2: Command-Line Test with curl

Use curl with the -I flag to fetch only the HTTP response headers without downloading the page body:

curl -I http://example.com

A correctly configured redirect produces the following response:

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 01 Jan 2025 12:00:00 GMT
Content-Type: text/html
Location: https://example.com/
Connection: keep-alive

Key indicators to verify:

• Status code 301 Moved Permanently — Confirms a permanent redirect is in place.
• Location: https://example.com/ — Confirms traffic is being redirected to the HTTPS version.

Method 3: Online Redirect Checker

You can also use free online tools such as redirect-checker.org or httpstatus.io to trace the full redirect chain and confirm there are no redirect loops or unnecessary hops.

8. Common Issues and Troubleshooting {#troubleshooting}

Redirect Loop

Symptom: Browser displays "Too many redirects" error.

Cause: Your HTTPS server block is also triggering a redirect back to HTTP, creating an infinite loop.

Fix: Ensure the return 301 directive exists only in the HTTP (port 80) server block, not in the HTTPS (port 443) block.

Mixed Content Warnings

Symptom: The padlock icon shows a warning even after the redirect is working.

Cause: Your HTML pages still reference HTTP resources (images, scripts, stylesheets) using http:// URLs.

Fix: Update all internal resource URLs to use https:// or protocol-relative URLs (//). Use a plugin like Really Simple SSL for WordPress sites.

SSL Certificate Not Found

Symptom: Nginx fails to start with an error about missing certificate files.

Cause: The paths specified in ssl_certificate and ssl_certificate_key do not match the actual certificate file locations.

Fix: Verify the certificate paths with:

sudo ls /etc/letsencrypt/live/example.com/

Certbot Renewal Fails

Symptom: Automatic renewal fails with a connection error.

Cause: Port 80 may be blocked by a firewall, preventing Let's Encrypt's HTTP-01 challenge from completing.

Fix: Ensure port 80 is open in your firewall:

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw reload

9. Conclusion {#conclusion}

Redirecting HTTP to HTTPS on your Linux server using Nginx is a straightforward but critically important configuration task. By implementing a permanent 301 redirect, you ensure that every visitor — regardless of how they access your site — is automatically served the encrypted, secure version. This protects sensitive user data, builds visitor trust, satisfies modern browser security requirements, and provides a measurable SEO benefit.

To recap the key steps covered in this guide:

1. Install Certbot and obtain a free SSL certificate from Let's Encrypt.
2. Configure the Nginx HTTP server block with a return 301 redirect to HTTPS.
3. Test your configuration with sudo nginx -t before applying changes.
4. Reload Nginx with sudo systemctl reload nginx.
5. Verify the redirect using your browser, curl, or an online redirect checker.
6. Monitor certificate renewal to ensure your SSL certificate never expires.

For the best results, run your Nginx web server on a high-performance, reliable hosting platform. AlexHost offers VPS Hosting with full root access, SSD NVMe storage, and flexible Linux distributions — ideal for hosting Nginx-powered websites. If you need a pre-configured control panel environment, explore VPS with cPanel or browse all available VPS Control Panels to find the right management interface for your workflow. For high-traffic or resource-intensive applications, Dedicated Servers provide the maximum performance and isolation your infrastructure demands.

Regularly audit your SSL certificate's validity, keep Nginx updated, and review your server security configuration periodically to maintain a robust and trustworthy web presence.