By Tom Weston
How to Set Up SSL/HTTPS for Your Deployed App
Setting up SSL on most platforms means opening a terminal, installing Certbot, editing your Nginx config, and wiring up a cron job so your certificate does not expire in three months. On Kuberns, none of that exists. The moment you connect your custom domain, HTTPS is provisioned automatically. No commands. No config files. No renewal reminders.
If you are on a bare VPS or a self-hosted setup, you do need to do this manually. This guide covers both paths: the automatic way and the manual way, plus the three SSL errors that catch almost every developer the first time.
What SSL Actually Does

SSL encrypts the connection between your user’s browser and your server. Without it, data sent between the two is readable by anyone on the same network. Passwords, form inputs, and API tokens all travel in plain text over HTTP.
HTTPS is HTTP with that encryption layer added. The lock icon in the browser address bar confirms the connection is encrypted and the certificate is valid.
Beyond security, HTTPS affects you in three concrete ways:
- Browser trust: Chrome and Firefox show a “Not Secure” warning on all HTTP pages. Users see it and leave.
- Google ranking: HTTPS is a confirmed ranking signal. HTTP pages are penalised in search results.
- Modern browser features: Service workers, geolocation, camera access, and push notifications are blocked on HTTP. Your app cannot use them without HTTPS.
One quick note on terminology: SSL is technically the older protocol. TLS is what actually runs today. But the industry still uses “SSL” as shorthand, so the two terms mean the same thing in most conversations.
Once your app has HTTPS sorted, the next step is getting it on a proper domain. See how to connect a custom domain to your deployed app without the usual DNS confusion.
Let Your Platform Handle SSL

If you are deploying to a managed cloud platform, SSL should require zero effort on your part. This is the right path for the vast majority of developers.
Kuberns provisions a free Let’s Encrypt SSL certificate automatically on every deploy. Here is what happens when you connect a custom domain:
Step 1: Connect your GitHub repo. Kuberns detects your stack and configures the build automatically. No Dockerfile or service definition needed.
Step 2: Add your custom domain in the Kuberns dashboard. Point your domain’s DNS records to Kuberns as instructed. The dashboard shows you the exact records to add.
Step 3: Deploy. Kuberns issues the SSL certificate, configures HTTPS, sets up the HTTP to HTTPS redirect, and handles certificate renewal before it ever expires. You do not see any of this happen. Your app is just live on HTTPS.
No Certbot. No Nginx config. No cron job. No renewal reminder in your calendar three months from now.
This is the path to take if you are deploying a new app or migrating from a platform that does not handle SSL for you. It removes the entire category of work.
Not sure which deployment platform fits your setup? The best tools to deploy backend apps in 2026 compares the main options across SSL handling, pricing, and ease of use.
Manual SSL Setup With Certbot

If you are running on a bare VPS or a self-managed server with Nginx or Apache, you need to set this up yourself. Certbot is the standard tool. It fetches a free certificate from Let’s Encrypt and configures your web server automatically.
Install Certbot on Ubuntu:
sudo apt update
sudo apt install certbot python3-certbot-nginx
Run Certbot for Nginx:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
Certbot will ask for your email, agree to the terms, and then issue the certificate. It also edits your Nginx config to enable HTTPS and adds the HTTP to HTTPS redirect automatically.
Set up auto-renewal:
Let’s Encrypt certificates expire after 90 days. Certbot includes a renewal command that checks and renews certificates due to expire within 30 days. Test it first:
sudo certbot renew --dry-run
Then add it to your cron schedule so it runs twice a day:
0 0,12 * * * certbot renew --quiet
That is the full manual path. It works reliably once set up. The downside is that it is tied to your server, so if you move to a new instance or rebuild the server, you need to run through it again.
Manually managing a VPS for every deploy is one of the main reasons developers move to managed platforms. See why developers are moving away from AWS to simpler platforms and what they switch to.
Three SSL Errors Every Developer Hits

Getting the certificate installed is usually the easy part. These three errors come after, and they trip up almost every developer deploying HTTPS for the first time.
Mixed Content Warning
Your page loads over HTTPS but some assets on the page (images, scripts, stylesheets) are still referenced with http:// URLs. Browsers block or flag these as insecure even though the page itself is on HTTPS.
The symptom is a padlock icon with a warning, or a “Not Secure” label despite HTTPS being active.
The fix: search your codebase for hardcoded http:// asset URLs and update them to https://. For assets on the same domain, use relative paths like /images/logo.png instead of full URLs. After fixing, clear your browser cache and hard refresh.
Certificate Not Trusted
The browser shows a certificate error or security warning even though you installed a certificate. This usually means one of three things: the certificate has expired, the intermediate certificate chain is missing, or the certificate was not issued for the exact domain being accessed.
Check the certificate expiry date in your browser (click the lock icon, then view the certificate). If it is expired, re-run certbot renew. If the chain is missing, your certificate file needs to include the full chain. Certbot handles this automatically with --nginx or --apache. If you installed manually, make sure you are using the fullchain.pem file, not just cert.pem.
HTTPS Redirect Loop
Your app returns an infinite redirect. The browser shows “too many redirects” or ERR_TOO_MANY_REDIRECTS.
This happens when both your reverse proxy (Nginx) and your application code are independently enforcing HTTPS redirects. The proxy redirects HTTP to HTTPS. Your app sees the request, does not trust the proxy header, thinks it arrived over HTTP, and redirects again.
The fix depends on your stack. In most frameworks, you need to trust the X-Forwarded-Proto header set by the proxy and base your redirect logic on that value rather than the raw connection protocol. In Express.js:
app.set('trust proxy', 1);
In Django:
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
Once the app trusts the proxy header, remove any app-level HTTPS redirect and let the proxy handle it.
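The loop and its fix can be reproduced without a server. The simulation below is an added example, not code from the original article or from Express or Django: the proxy only terminates TLS and forwards to the app over plain HTTP, and the proxy address, request dictionary and function names are assumptions made for the illustration. It also shows why the header should be honoured only when the request comes from the proxy, since a client that reaches the app directly can set X-Forwarded-Proto itself.

```python
"""Simulate a TLS-terminating proxy in front of an app that enforces HTTPS."""

PROXY_ADDR = "10.0.0.5"          # assumed proxy address, constructed
TRUSTED_PROXIES = {PROXY_ADDR}
MAX_REDIRECTS = 20               # browsers give up at a similar limit


def naive_scheme(request):
    # Looks only at the proxy-to-app hop, which is plain HTTP behind the proxy.
    return request["wire_scheme"]


def proxy_aware_scheme(request):
    # Honour X-Forwarded-Proto only when the peer is the known proxy;
    # the same header sent by any other client is ignored.
    forwarded = request["headers"].get("X-Forwarded-Proto")
    if request["peer"] in TRUSTED_PROXIES and forwarded in ("http", "https"):
        return forwarded
    return request["wire_scheme"]


def app(request, scheme_of):
    """Return (status, location) like an app with an HTTPS-only redirect."""
    if scheme_of(request) != "https":
        return 301, "https://" + request["host"] + request["path"]
    return 200, None


def via_proxy(client_scheme, host, path):
    """The request as the app sees it after the proxy terminated TLS."""
    return {"wire_scheme": "http", "peer": PROXY_ADDR, "host": host,
            "path": path, "headers": {"X-Forwarded-Proto": client_scheme}}


def browse(url_scheme, scheme_of):
    """Follow redirects as a browser would; return (final_status, hops)."""
    scheme, hops = url_scheme, 0
    while hops < MAX_REDIRECTS:
        status, location = app(via_proxy(scheme, "example.com", "/"), scheme_of)
        if status != 301:
            return status, hops
        scheme = location.split("://", 1)[0]
        hops += 1
    return "ERR_TOO_MANY_REDIRECTS", hops


if __name__ == "__main__":
    print("naive:", browse("https", naive_scheme))
    print("proxy-aware:", browse("http", proxy_aware_scheme))
```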
These errors are a subset of the broader class of problems covered in why your app works locally but breaks after deploy. Worth reading if you are hitting environment-specific issues.
Deploy on Kuberns With SSL Built In

Every step in the manual path above (installing Certbot, configuring Nginx, setting up the cron job, debugging the redirect loop) exists because you are managing infrastructure directly. That is the cost of a bare VPS.
Kuberns is an agentic AI cloud deployment platform that removes that entire layer. SSL is not a feature you enable. It is the default behaviour on every deploy.
Here is what happens on Kuberns when you go live with a custom domain:
- A Let’s Encrypt certificate is issued automatically for your domain
- HTTPS is configured with no Nginx edits required
- HTTP to HTTPS redirect is set up without any application code changes
- Certificates are renewed automatically before expiry with no cron job
- The mixed content and redirect loop problems do not exist because the proxy configuration is managed for you
Kuberns starts at $7 and unlocks $14 in credits, with 30 days runtime, 100% money back guarantee, and no per-user pricing. You connect your repo, set your domain, and your app is live on HTTPS.
If you are deploying your first production app and wondering what to expect, what does one-click deployment actually do explains exactly what gets handled automatically and what you still need to think about.
Conclusion
Setting up SSL for your deployed app comes down to two paths. If you are on a managed platform like Kuberns, HTTPS is provisioned automatically on first deploy and renewed without any input from you. If you are on a VPS, three commands with Certbot get you a free Let’s Encrypt certificate and auto-renewal in under five minutes.
Either way, the three errors to watch for are mixed content from hardcoded http:// asset URLs, certificate trust failures from expired or incomplete certificate chains, and redirect loops from both the proxy and the application enforcing HTTPS at the same time.
SSL is not optional in 2026. Browsers warn users away from HTTP pages, Google penalises them, and modern browser APIs refuse to run on them. Get it done before your first real user arrives.
Frequently Asked Questions
How do I add SSL to my deployed app?
On a managed platform like Kuberns, SSL is provisioned automatically when you connect a custom domain. No configuration required. On a bare VPS, install Certbot and run certbot --nginx or certbot --apache to get a free Let’s Encrypt certificate issued and configured in under five minutes.
Is Let’s Encrypt free and safe for production?
Yes. Let’s Encrypt is a free, automated, and open Certificate Authority trusted by all major browsers. It issues Domain Validation certificates valid for 90 days. Certbot automates renewal so certificates never expire in production. Let’s Encrypt is used by millions of production applications worldwide.
Why is my app showing Not Secure after adding SSL?
This is almost always a mixed content error. Your page loads over HTTPS but includes assets like images, scripts, or stylesheets referenced with http:// URLs. Browsers block or flag these. Fix by updating all asset references to use https:// or relative paths, then hard refresh to clear the browser cache.
Does Kuberns automatically set up HTTPS?
Yes. Kuberns provisions a free SSL certificate from Let’s Encrypt automatically when you connect a custom domain. HTTPS is enabled on first deploy with no configuration. Certificates are also renewed automatically before expiry. You can deploy your app on Kuberns and have HTTPS active without touching a single config file.
How do I renew my SSL certificate automatically?
If you used Certbot, run certbot renew --dry-run to test, then add a cron job: 0 0,12 * * * certbot renew --quiet. This runs twice daily and renews certificates that are within 30 days of expiry. On Kuberns, renewal is fully automatic with no cron job required.