There was a time when SSL certificates were expensive. But fortunately it’s no longer the case. You can secure your website with an SSL certificate for free, all thanks to Let’s encrypt certificate authority.
Who Should Have an SSL Certificate?
Your website should use a secure connection for login/singup forms, online shopping or online payments. But that’s not all. According to Google, if you have any input field on your website where user enters his personal data (e.g. email address), the connection to your website should be encrypted. It’s so important for the internet giant, that from 2017 Chrome began to display a warning “Not Secure” for all websites without SSL certificate that contain any input fields. And Google is about to go further… From July 2018 ALL websites without SSL will be tagged as “Not Secure” in Chrome. Plus, Google already uses https:// connection as a ranking signal, so anyone who care about SEO, should use it.
Answering the question of who should have an SSL certificate – everyone. Luckily, you can have it for free.
The Difference Between a Free and Paid SSL Certificate
Certificate issued by Let’s encrypt comes without warranty, whereas paid SSL certificates usually do. It’s worth having paid SSL with warranty when you have online payments on your website.
Certificates from Let’s encrypt are valid for 90 days. Paid usually for 1 year.
Unpopular or old web browsers could tag certificate from Let’s encrypt as “Not Secure”. Though majority of browsers used by users won’t have any compatibility issues. Paid certificates barely have any problems with that.
Green padlock will be visible in the browser bar and your site will work over https:// with free SSL certificate. However, online stores or institutions – where trust is very important – should invest in a paid EV certificate (Extended Validation Certificate). It will increase the credibility of the website (and owner), by displaying company name in the browser bar.
Where Can You Get a Free SSL Certificate?
Best option – Hosting Provider
Some of the hosting providers already introduced a possibility to generate free Let’s Encrypt SSL certificates from their panel. If your current server support this option, then the only thing you need to do is to enable SSL for your domain and it will start working within minutes. The best thing about this option, is that you don’t have to worry about renewing certificate every 90 days. It will renew automatically. If your hosting doesn’t support this, then ask if and when they will. For simple company websites, without online payments, free SSL certificate is enough.
Hosting providers we recommend with free SSL certificates:
So-so option – SSL For Free
In case you can’t generate free SSL on your current server via panel, but you are able to install external certificate for specific domain, then you can use sslforfree.com service. SSL For Free allows you to generate – as name suggest – free SSL certificate. I recommend creating an account before creating any certificates. That way you will get a reminder that you need to renew certificate the week and day before expiration date.
The steps for generating certificate in SSL For Free is relatively simple and comes to:
- entering website domain you want to secure
- verifying ownership – there is Automatic or Manual verification, but we recommend manual, unless you know exact server path to website directory
- uploading verification files to server
- generating SSL certificate
- downloading and installing certificate on server (private key, certificate, CA) in your server panel
Remember, a self-generated and installed SSL certificate must be renewed (and installed again) before expiration date. For Let’s encrypt certificates that’s every 90 days. If you miss the deadline and certificate become invalid, browsers will display information that your site is not secure before they’ll let user view your site. And will continue to show this scary message until you fix it and install valid certificate.
Soon owning website with SSL certificate will be mandatory if you want to keep your rank in Google search engine, or you don’t want to scare off users that are using Chrome. Also if your website uses SSL certificate, then you can take advantage of HTTP/2 and speed up your website. Besides, I personally believe that in the perfect world, internet traffic and communication should be fully encrypted. Which is finally possible with free SSL’s.