SSL/TLS Certificates (HTTPS Basics)
> Goal: get a green lock (HTTPS) for your site, and understand what it means so you can troubleshoot confidently.
1) What HTTPS gives you
- **Encryption**: third parties on the network path (Wi-Fi operator, ISP, anyone in between) can't read traffic in transit.
- **Integrity**: traffic can't be silently modified.
- **Identity**: the certificate proves that the server you reached is authorised for the domain name, so you are not talking to an impostor.
2) What a certificate is (simple explanation)
A certificate binds your domain name to a public key and is signed by a trusted Certificate Authority (CA).
3) Before you start (requirements checklist)
1. DNS must point to the correct server IP.
2. Port **80** and **443** must be reachable from the internet.
3. Your web server (Apache/Nginx) must be configured for the domain.
4) The most common path: Let's Encrypt
Let's Encrypt issues free certificates via an automated validation (challenge) that proves you control the domain.
A) Plesk path (typical)
1. Open Plesk → **Websites & Domains**.
2. Select your domain.
3. Go to **SSL/TLS Certificates** (or **Security** section).
4. Choose **Let's Encrypt**.
5. Enable options like “Secure the domain” and “Include www” if you use it.
6. Issue the certificate.
7. Ensure hosting settings use HTTPS (often “Hosting Settings” → “SSL/TLS support”).
B) Generic path (conceptual)
- Prove domain control (HTTP challenge on port 80 or DNS challenge via TXT record).
- Install certificate on your web server.
- Configure HTTP → HTTPS redirect.
5) Verify it's working
- Open `https://yourdomain.com` and confirm the browser shows a secure connection.
- Check that `http://yourdomain.com` redirects to HTTPS.
- Confirm `www` works if you included it.
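The three checks above can be scripted so they run the same way after every issuance or renewal. The following is an added example, not code from the original guide or from Plesk or Let's Encrypt: it uses only Python's standard library, hostnames are placeholders, and `SAMPLE_CERT` is a constructed stand-in for the dictionary `getpeercert()` returns. `fetch_cert` fails the way a browser would (untrusted chain, hostname mismatch, expired), `hostname_covered` also handles the wildcard names described later in the guide, and `days_until_expiry` shows whether auto-renewal is keeping up.

```python
"""Added example (not part of the original guide): automate the checks from
"Verify it's working". Hostnames are placeholders; SAMPLE_CERT is constructed."""
import socket
import ssl
import time
from http.client import HTTPConnection
from typing import Iterable, Optional

# Constructed stand-in for what ssl.SSLSocket.getpeercert() returns (only the keys used here).
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notAfter": "Jan  1 00:00:00 2030 GMT",
}


def san_dns_names(cert: dict) -> list:
    """DNS names listed in the certificate's Subject Alternative Name extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_covered(hostname: str, names: Iterable[str]) -> bool:
    """True if hostname matches a SAN entry. A wildcard '*.example.com' covers exactly
    one label (www.example.com), not the bare domain and not deeper names."""
    host = hostname.lower().rstrip(".")
    for name in names:
        name = name.lower().rstrip(".")
        if name.startswith("*."):
            if host.endswith(name[1:]) and host.count(".") == name.count("."):
                return True
        elif name == host:
            return True
    return False


def days_until_expiry(cert: dict, now: Optional[float] = None) -> float:
    """Days left before notAfter; negative means the certificate has already expired."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])  # GMT timestamp -> epoch seconds
    now = time.time() if now is None else now
    return (not_after - now) / 86400.0


def fetch_cert(hostname: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect with the default trust store; raises ssl.SSLError on an untrusted chain,
    hostname mismatch or expired certificate, which is what a browser would reject too."""
    ctx = ssl.create_default_context()
    with socket.create_connection((hostname, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=hostname) as tls:
            return tls.getpeercert()


def http_redirects_to_https(hostname: str, timeout: float = 5.0) -> bool:
    """True if http://hostname/ answers with a redirect whose Location is an https:// URL."""
    conn = HTTPConnection(hostname, 80, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": hostname})
        resp = conn.getresponse()
        location = (resp.getheader("Location") or "").lower()
        return resp.status in (301, 302, 307, 308) and location.startswith("https://")
    finally:
        conn.close()


def check_site(hostname: str) -> dict:
    """Run all checks for one name and return a report; 'error' carries the failure text."""
    report = {"hostname": hostname, "tls_ok": False, "error": None}
    try:
        cert = fetch_cert(hostname)
    except (ssl.SSLError, OSError) as exc:  # CERTIFICATE_VERIFY_FAILED, refused, timeout, ...
        report["error"] = str(exc)
        return report
    names = san_dns_names(cert)
    report.update(
        tls_ok=True,
        san=names,
        covers_hostname=hostname_covered(hostname, names),
        days_left=round(days_until_expiry(cert), 1),
    )
    try:
        report["http_redirects_to_https"] = http_redirects_to_https(hostname)
    except OSError as exc:
        report["http_redirects_to_https"] = False
        report["error"] = "port 80: " + str(exc)
    return report


if __name__ == "__main__":
    import json
    import sys

    # Usage: python check_https.py yourdomain.com www.yourdomain.com
    for name in sys.argv[1:] or ["example.com"]:
        print(json.dumps(check_site(name), indent=2))
```

Run it against both the bare domain and `www` if you included it; a `tls_ok: false` report with `CERTIFICATE_VERIFY_FAILED` in `error` is the scripted equivalent of the "not trusted" browser warning, and a small `days_left` with no renewal in sight means auto-renewal is not running.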
6) Common errors and what they usually mean
“Validation failed”
- DNS points to the wrong server IP.
- Port 80 blocked by firewall or provider.
- Another service answers on port 80 for the domain.
“Certificate is not trusted / invalid”
- Wrong certificate installed for the domain.
- Missing intermediate chain (less common with Let's Encrypt on modern panels).
- Old cached certificate in the browser (try another device/network).
“Mixed content”
- Your page loads some resources via `http://` (images/scripts). Update URLs to `https://`.
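Finding the offending URLs by hand is tedious on a large page, so here is an added example (not code from the original guide) that scans HTML for the sub-resources browsers actually load and reports the ones still on `http://`. It uses Python's standard-library HTML parser; `SAMPLE_HTML` and all hostnames in it are constructed. The scanner resolves relative and protocol-relative (`//cdn/...`) URLs against the page's own `https://` address, skips `<link rel="canonical">` and plain `<a href>` links (which are not mixed content), and walks `srcset` candidates.

```python
"""Added example (not part of the original guide): scan a page's HTML for the
sub-resources that cause a "mixed content" warning. SAMPLE_HTML is constructed."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that make the browser fetch a sub-resource. Plain <a href> links are NOT
# mixed content: following a link is navigation, not loading into the secure page.
RESOURCE_ATTRS = {
    "img": ("src", "srcset"),
    "script": ("src",),
    "link": ("href",),
    "iframe": ("src",),
    "audio": ("src",),
    "video": ("src", "poster"),
    "source": ("src", "srcset"),
    "object": ("data",),
    "embed": ("src",),
}


class MixedContentScanner(HTMLParser):
    def __init__(self, page_url: str):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (tag, attribute, absolute http:// URL)

    def handle_starttag(self, tag, attrs):
        wanted = RESOURCE_ATTRS.get(tag)
        if not wanted:
            return
        attrs = dict(attrs)
        # <link rel="canonical"> or rel="alternate" is metadata, not something the page loads
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name in wanted:
            value = attrs.get(name)
            if not value:
                continue
            # srcset is "url 1x, url 2x": any candidate may be fetched, so check them all
            if name == "srcset":
                candidates = [part.strip().split()[0] for part in value.split(",") if part.strip()]
            else:
                candidates = [value]
            for candidate in candidates:
                # urljoin resolves relative paths and protocol-relative '//cdn/...' against
                # the https page, so only URLs that are really http:// keep that scheme
                absolute = urljoin(self.page_url, candidate)
                if urlsplit(absolute).scheme == "http":
                    self.findings.append((tag, name, absolute))


def find_mixed_content(html: str, page_url: str) -> list:
    """Return (tag, attribute, url) for every sub-resource loaded over plain http://."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("page_url must be the https:// address of the page")
    scanner = MixedContentScanner(page_url)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


def upgrade_to_https(url: str) -> str:
    """The fix the guide recommends: the same URL with the https:// scheme."""
    return "https://" + url[len("http://"):] if url.startswith("http://") else url


# Constructed sample page, as if served from https://www.example.com/
SAMPLE_HTML = """<!doctype html><html><head>
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<link rel="canonical" href="http://www.example.com/">
<script src="//cdn.example.net/app.js"></script>
</head><body>
<img src="/images/logo.png" alt="logo">
<img src="http://www.example.com/images/banner.png" alt="banner">
<img srcset="http://img.example.net/a.png 1x, https://img.example.net/a2x.png 2x" alt="">
<a href="http://other.example.org/">external link, not mixed content</a>
</body></html>"""

if __name__ == "__main__":
    for tag, attr, url in find_mixed_content(SAMPLE_HTML, "https://www.example.com/"):
        print(f"<{tag} {attr}> {url}  ->  {upgrade_to_https(url)}")
```

Feed it the HTML of a page that shows the warning (saved from the browser or fetched with your usual client) together with that page's `https://` URL; each reported URL is one to rewrite to `https://` or to a relative path, and third-party hosts that do not serve HTTPS need a different source.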
7) Best practices
- Use auto-renewal for Let's Encrypt.
- Prefer redirecting HTTP → HTTPS.
- Keep the server time correct: a wrong clock makes valid certificates look not-yet-valid or already expired, which breaks both validation and TLS handshakes.
8) When to use DNS challenge
- If port 80 is not available (locked down network).
- If you're issuing wildcard certificates (`*.yourdomain.com`).
What to learn next
- 2026-01-18—Initial or baseline update for this page.