SSL Certificates

How Much SSL Certificates Cost

SSL certificates can vary drastically in price depending on the type and scope of SSL you’re looking to add. Prices can range from $5 a year to $250 annually. However, it’s becoming common place for web hosts to offer SSL certs for free from providers like LetsEncrypt. If you’re on a hosting provider that charges for SSL, it is possible to add a certificate yourself – although that’s not recommended for beginners.

The largest factor in the pricing for an SSL certificate is the amount of coverage you’re looking for. If you’re adding it to a single domain, a simple SSL from your host or a free provider will suffice. If you need it to cover several subdomains as well, you’ll need a wildcard SSL certificate. This option is ideal for sites with client-facing portals like shopping carts, technical support, or forums. You can also install Multi-domain SSL certificates which can cover multiple domains – perfect for hosting accounts with multiple sites.

Why SSL Certificates Are Necessary

Websites can function without SSL certificates. That said, there are two major reasons why you should strongly consider adding them to your site:

1. Browsers having started indicating whether or not your website is using a secure connect via SSL (i.e. using an “https” version). While the direct impact of https on search engine rankings is so far minimal, seeing that your site can alarm some users and hurt traffic to your site.
2. Companies that have leaked user information to the public take a massive hit to their reputation – and sometimes they’re even on the hook for damages from lawsuits. SSL is an additional layer of security protecting people who visit your site.

SSL Or TLS

One thing that can be confusing when you first start looking into SSL encryption is the difference between the terms TSL and SSL.

• SSL – Secure Sockets Layer: The standard security technology for establishing an encrypted link between a web server and a browser. This is a term often used to group both SSL and TLS technologies for ease of reference.
• TLS – Transport Layout Security: This supersedes SSL as a technology and may be used as an underlying technology for SSL services. This provides the secure communications on the Internet for e-mail and other data transfers.

Web Managers Now Have Options For SSL

Previously, the complexity and cost of an SSL certificate were a barrier to providing this layer of security. More recently, many companies have pledged to secure their websites with SSL now that it is more accessible to all. With Google pushing the benefits of SSL, many social media sites have followed too.

Website managers now have options, they can obtain and install the certificate themselves on their web server, they can ask their host to do this (or another web professional), they can use a third party service.

Getting An SSL Cert From A Web Host

One option to get your website secured with SSL is to ask your host to acquire and install this for you. Most hosts provide this service, although sometimes for a cost. It would be worth looking into before choosing a host if you expect to need this service in the future.

This was the option I initially always took as the process was new to me, and I wanted my website to have the best security it could have. It can be a good option for busy web professionals and business owners.

Installing An SSL Cert Yourself

It is also possible to install the SSL certificate yourself. This can be a complex process and have several steps, including choosing a certificate authority to supply the SSL, generating a certificate, and installing this on the web server.

Sometimes, the SSL Cert can be conveniently installed via the cPanel of your hosting account. To do this, navigate to the SSL Certificates section of cPanel and look for the option to install it. This is also the section that can be used to find out if your host provides free SSL certificates (usually from LetsEncrypt). If this section or option is not available, you will likely need to follow a somewhat complex process of installing it using shell access to your account – and that access may or may not be permitted by your hosting.

Using A Third Party SSL Service

There are now services available that make the SSL process easy. Two high-quality free services are Cloudflare and Let’s Encrypt. These are services I use myself as they are free, easy to use, and have added performance boosting benefits in areas like security and optimization.

Cloud Flare – Get Started

Plans start for free for those who just want to secure a personal blog or other small websites, with various paid plans also available for business and enterprise level. Cloudflare guides you through the process, and I find is especially easy to use as you will be helped with SSL configuration and optimization and don’t have to worry about expiring certificates.

I also really like the fact that each page my visitors visit renders as fast and efficiently as possible due to performance boosting features. These include a content delivery network designed to bring your content closer to your users and several optimization features, like auto-caching to lower the load on your server and auto-minify to save up to 20% load time by automatically minifying your CSS and Javascript files.

A word of caution: when updating your website with auto-caching, you will need to disable Cloudflare to see the results. The caching limits how frequently visitors can see changes to core files like CSS and HTML modifications.

Something else worth noting: Cloudflare won’t encrypt the full pathway from your visitors’ browser to your servers. When you use Cloudflare, you point your domain to their servers, and they point their servers to your hosting provider’s server. If you do nothing else and only use Cloudflare, only the connection from the browser to Cloudflare’s servers will be secure.

For most small websites or blogs, this isn’t an issue. However, if you collect and process personal or financial data from your visitors, you will want to take measures to ensure that encryption protection is in place every step of the way for their data.

Let’s Encrypt – Get started 

Let’s Encrypt is a free, automated, and open Certificate Authority. This service offers only free plans and have provided more that 10 million SSL certs since their inception. It is a service that is supported by Mozilla.

There are not quite as many benefits as Cloudflare, but it is a more singular focused service with the security of your website at the heart of its services. Let’s Encrypt automatically renews SSL certificates, is community-run service built on transparent and cooperative principles, and compares this approach to the SSL/TSL protocols themselves.

Are Free SSL Certificates Safe?

Yes! All SSL certs provide an additional layer of security to your site and protection for your customers. While all SSL cert aren’t created equal, depending on type and coverage, a single domain SSL certificate that is free will provide the same benefits and safety as those that you pay for.

With services like Cloudflare, it is even possible to add free TLS encryption to your site. While SSL is the industry standard for encryption, TLS, or transport layer security, represents the next step up.

How To Install A Free SSL Certificate

There are generally 3 ways to add a free SSL cert to your website. The first is through the control panel for your account. Log into your hosting account and navigate to your control panel (often labeled cPanel). Once there, look for the section called “SSL Certificates” and click on it. In this section you will be able to choose from a selection of SSL certificates (both paid and free) and install them. At this point, installing the certificate is just a matter of clicking a couple buttons.

Adding SSL through a service like CloudFlare can be a bit more involved. Sometimes, you’ll be able to add this through your account’s control panel with relative ease. If not, you’ll need to create an account with CloudFlare (don’t worry, there’s a free level that’s suitable for most users). Once you’ve done that, you’ll need to log into your domain registrar and point the nameservers to CloudFlare. During this process, your site shouldn’t experience any downtime.

It should be noted that CloudFlare technically doesn’t add a full SSL connection between your visitors and your site, just between your visitors and their servers. For most businesses though – especially those with no online transactions – this is a non-issue.

The final way of adding a free SSL certificate to your site is to do it manually through accessing your server directly. This approach is not recommended for beginners though.

The Best Free SSL Certificate Authorities

When it comes to free SSL certs, there is only one thing to take into consideration: some certifying authorities only provide the initial certificate for free. Once it expires and you must renew, you will have to pay at that time. While many web hosts do include free SSL as a part of their hosting plans, some host do not – and you might be surprised that this even includes some of the most popular names in hosting. Always research a web host before making a decision.

Further Reading