One of the WordPress websites I have has Let's Encrypt enabled however, it's possible to browse this website via insecure HTTP too. I would like to suggest that there be a toggle under
Security that when enabled redirects any insecure requests to secure requests at a server level.
Doing it at a server level is best practice for SEO.
I've not tested with the sub domain
www but I imagine it might be able nice to have the option to pick wether you want to redirect
Please let me know if you need clarification on wording. I'll find a control panel example.