DJANGO DEPLOYMENT
Deploy Django with Confidence
Security
#django
#nginx
#lets-encrypt
#https

How to Set Up HTTPS for Django (Nginx + Let’s Encrypt)

Learn how to secure your Django application with HTTPS using Nginx and Let’s Encrypt. This step-by-step guide covers everything from installing Certbot to configuring Nginx for SSL, ensuring your site is safe and trusted by browsers.

If your Django site is running on HTTP, it is:

  • ❌ Not secure
  • ❌ Flagged by browsers
  • ❌ Vulnerable to attacks

This guide shows you how to secure your Django app with HTTPS using:

⚡ Quick Setup (Fastest Method)

Run:

sudo apt update
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx

Follow the prompts.

👉 This will:

  • Obtain SSL certificate
  • Configure Nginx automatically
  • Enable HTTPS

🧠 What This Does

  • Encrypts traffic between users and your server
  • Prevents interception and tampering
  • Enables modern browser features

🧪 Step-by-Step Setup

1. Ensure Nginx is working

Test:

sudo nginx -t
sudo systemctl status nginx

2. Install Certbot

sudo apt install certbot python3-certbot-nginx

3. Run Certbot

sudo certbot --nginx

You will be prompted for:

  • Email address
  • Domain name
  • Redirect HTTP → HTTPS

👉 Choose redirect for best practice

4. Verify HTTPS

Open:

https://your-domain.com

👉 You should see:

Secure lock icon in browser

🔐 Configure Django for HTTPS

Update settings.py:

SECURE_SSL_REDIRECT = True
CSRF_COOKIE_SECURE = True
SESSION_COOKIE_SECURE = True

👉 Ensures Django only serves secure traffic

🔁 Auto-Renewal (Important)

Let’s Encrypt certificates expire every 90 days.

Test renewal:

sudo certbot renew --dry-run

👉 Certbot usually installs automatic renewal via cron

🔥 Common Issues (and Fixes)

🔴 Domain not pointing to server

Fix:

  • Update DNS records
  • Wait for propagation

🔴 Nginx misconfiguration

Fix:

sudo nginx -t

🔴 Port 80/443 blocked

Fix:

sudo ufw allow 'Nginx Full'

🔴 Certbot cannot verify domain

Cause:

  • Incorrect DNS
  • Server not reachable

🧠 Debugging Tips

Check Certbot logs

sudo journalctl -u certbot

Check Nginx logs

sudo tail -f /var/log/nginx/error.log

Test SSL

curl -I https://your-domain.com

✅ HTTPS Checklist

❓ FAQ

Is HTTPS required?

Yes.

Modern browsers:

  • Warn users
  • Block some features without HTTPS

Does Let’s Encrypt cost money?

No.

👉 It’s free and widely used

Do I need a domain?

Yes.

👉 Let’s Encrypt requires a valid domain name

🎯 Final takeaway

HTTPS is:

  • Essential for security
  • Required for production
  • Easy to set up with Certbot

If you deploy often…

Using a pre-configured setup with HTTPS included saves time and avoids errors.

On this page

Jump between sections and keep your place while reading.

Jump to guide
Deploy Django
Deploy Django with Nginx + Gunicorn (Step-by-Step)
How to Set Up HTTPS for Django (Nginx + Let’s Encrypt)
Deploy Django with Docker (Production Setup – Complete Guide)
Fix Issues
Fix Django 502 Bad Gateway (Nginx + Gunicorn) – Step-by-Step Guide
Fix Nginx Not Connecting to Gunicorn (Connection Refused)
Fix Gunicorn Socket Permission Denied (Nginx + Django)
Fix Django Static Files Not Loading in Production (Nginx + Gunicorn)
Fix Django Media Files Not Serving (Uploads Broken in Production)
Optimize
Zero Downtime Django Deployment (Gunicorn Reload Strategy)
Production Checklist
Django Production Checklist (Everything You Must Do Before Going Live)
2026 · DJANGO DEPLOYMENT
Deploy Django with Confidence