Legacy links and natural consumer tendency is to reference URLs via HTTP. Your web server should be configured to send a 301 redirect to the user agent telling them to permanently load the HTTPS address.
A 301 redirect is a permanent address change. You are telling the user agent that the address they are seeking is no longer valid, and to instead go to a new address. By redirecting HTTP to HTTPS, you are effectively telling the world not to ask for insecure content anymore.
This process varies by web server, so consult your platform's documentation for more guidance. Most servers can do this using a simple setting.
If you are using a content-delivery network, and you should for any consumer site, you should be able to configure this redirection in your CDN configuration.
A 301 redirect works by receiving a request from a user...