There is no difference between a free SSL certificate and a paid one. 🐱💻
There – you can stop panicking now and go get your free Let’s Encrypt SSL certificate.
Oh, do you want to know why there is no difference between a free SSL certificate and a paid one?
Great, read on!
To SSL or Not SSL?
That’s the question.
No, not really.
As of 2014, your entire website should be running on a Secure Socket Layer (SSL) and all your website links should be HTTPS (s being the secure part).
Google will rank penalise your site with site lower page rankings than competitors if you don’t have SSL throughout your website – fact!
What is SSL?
SSL is an abbreviation for Secure Socket Layer and and, in short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data that is being sent between two system.
This prevents hackers snooping in on the data transfer and picking out your login and credit card details or modifying the data to transfer all the funds to their own account or some charity for ageing Holywood cat performers.
It does this by encrypting the data sent between two systems, for example between web browser and web server.
The encryption is done by TLS (Transport Layer Security) which is just an updated, more secure, version of SSL.
Because most tech people are comfortable with and know what SSL means, the term is used interchangeably with TSL.
Both systems need a way to encrypt and decrypt the data being sent – this is what an SSL Certificate is used for.
What is an SSL Certificate?
SSL certificates are installed on the web server.
Once installed properly there are visual cues on most of the popular web browsers that indicate the site is secures such as showing the HTTPS at the beginning of the URL in the address bar, a padlock 🔒 in the address bar and maybe the colour green or the word “secure”.
SSL certificates have a key pair: a public and a private key.
These keys work together to establish an encrypted connection.
The certificate also contains what is called the “subject,” which is the identity of the certificate/website owner.
When you click on the padlock in the browser address bar you should see details about the SSL certificate:
If you click on the “Certificat (Valid)” link you get further information about the SSL certificate; who it is issued to and who it is issued by.
Are Paid SSL Certificates Any Better Than Free SSL Certificates?
An SSL certificate is used to encrypt traffic between two systems.
That is all it does regardless of how much you paid for it.
Some issuers will bundle additional stuff like insurance and liability with the SSL certificate and charge you hundreds and in some cases thousands of dollars for an SSL certificate.
This is marketing nonesense.
A free SSL certificate issued by Let’s Encrypt does the very same job as a paid SSL certificate issued by Comodo.
If they offer you insurance or liability, this is just a scam – nobody has every sued a certificate authority and got any money back from them.
The odds of winning a case against a certificate authority are less than zero as the odds are stacked in their favour.
Read an excellent article about this from Scott Helme.
Because free SSL certificates and paid ones are technically the exact same thing, most of the paid SSL certificate providers (yes there are still many), often site longevity of the certificates as a “Trust” factor.
They will tell you that buying a 3-year SSL certificate will make your website visitors and Google trust your site more.
That is nonsense. In fact having a shorter expiry period comes with additional benefits.
Free Let’s Encrypt certificates expire after 90 days to help combat stolen keys and mis-issued certificates as well as encourage automation of SSL certificate management.
Where Can I Get a Free SSL Certificate?
All web hosting companies will offer an SSL certificate in some way.
Most offer free SSL certificates, including those generated by Let’s Encrypt.
If your web host demands that you have to pay for an SSL Cerfificate I would recommend changing hosting companies.
Installing An SSL Certificate
Most web hosts will offer a way to generate and install SSL certificates for the domains associated with the account.
Here is the cPanel interace with the Let’s Encrypt icon.
If the web host doesn’t directly support Let’s Encrypt, below is the standard security panel in cPanel where you would click on the SSL/TSL icon to start the process of generating a free SSL for your domain.
Here is the Plesk SSL icon.
And the Plesk SSL area with the Let’s Encrypt button.
Make sure you generate the SSL certificate to match the primary domain used by your website if you have multiple parked domains pointing to a single site.
Otherwise your hosting company will be able to generate one for you if you find this too complex.
I hope this sorts out any confusion about free SSL certificates.
You definitely should have your entire website running on SSL with HTTPS using a free SSL certificate.