Beware of Dragons when Choosing Your SSL

It’s no fantasy: websites in 2019 need the extra protection of SSL certificates. SSLs encrypt data transmitted to and from your website (including login data), making your site safer for you and your users.

But with dozens of providers and a myriad of levels to choose from, finding the right SSL option for your website might feel like an epic quest.

In this article, we’ll look at what SSLs can do for you, how to choose the right one for your website, and how to steer clear of unworthy options.

SSL Certificates Help Guard the Castle Walls

In this day and age, we all have to guard against threats like identity theft, fraud, and phishing scams. Hackers often use personal data transmitted over the Internet to gain access to credit cards and bank accounts.

SSL certificates are a security feature that you install on top of an existing website. Some come from your hosting provider, and you can also find third-party certificates. And while some are quite pricey, others are completely free.

Having an SSL on your site is like hiring a sword-wielding giant to protect your website visitors and make sure all of their valuable information stays out of the enemy’s hands.

SSLs Help Protect Your Gold—and Add to It

On the outside, SSL certificates change the beginning of a website address from “HTTP” to “HTTPS” and may add a padlock icon or green bar to the address bar in a browser.

Then behind the scenes, SSLs encrypt all data transmitted to and from a website, preventing “man-in-the-middle” attacks where a hacker intercepts the data before it reaches its destination. This data may include email addresses, passwords, credit card details, private messages, or sensitive health data.

Here are three reasons to consider getting an SSL certificate for your site:

1. SSLs build trust. Customers like seeing HTTPS on sites where they do business. An SSL certificate shows that the site is taking proper steps to protect their transactions and privacy. And in turn, that trust can lead to higher sales and signups.

2. SSLs make your website faster. As web security expert Troy Hunt demonstrates on his blog, the boost in loading speed can be quite noticeable. It comes from the HTTP/2 protocol, which browsers only use over HTTPS and which reduces latency and speeds up the time it takes a page to load.

3. SSLs make Google happy. The search engine actively encourages SSL certificates by giving protected sites a bit of a boost in search ranking.

Going even further, for all non-HTTPS websites that include an HTML form element (including a login, contact form, or even a search box), Google has started flagging them as “not secure”.

When a visitor goes to such a site, they may see the following warning:

[Screenshot: a non-secure website address]

You don’t want to frighten a potential customer away!

So with these three reasons, it seems like a no-brainer to get an SSL for your site.

Choosing the Best SSL Armor for Your Website

There are several different kinds of SSL certificates. In a nutshell, they break down as follows:

  • DV – Domain Validation (for blogs and personal sites)
  • OV – Organization Validation (for small businesses, organizations, and educational institutions, with or without e-commerce)
  • EV – Extended Validation (for large businesses, agencies, and any sites with e-commerce or high-risk data)

The most basic SSL certificate is a DV certificate. You can often find these for free on hosting platforms as well as from Let’s Encrypt and other stand-alone providers. Namecheap offers free PositiveSSLs with shared hosting.

For added trust, you might want to get an OV or EV certificate. While the level of encryption on these SSL certificates is the same as a DV certificate, they differ in how they validate the certificate holder’s identity. Anyone can put up a site with a DV certificate, but for OV and EV SSLs, the Certificate Authorities that issue them verify that the person requesting the certificate is associated with the business in question, helping to cut down on fraud and phishing. EVs require the highest level of validation.

If you need more information on each of these types of SSL certificates, as well as the difference between single domain, multi-domain, and wildcard certificates, check out our article that explains when you might choose each of them for your business.

Free SSLs—Like Buried Treasure?

All SSLs encrypt website data in the same way, but that doesn’t mean they’re completely interchangeable. When you’re investigating your options, you’ll find some that cost several hundred dollars, and others that are free.

Free? What a great deal!

Be careful. Free SSLs can be a golden egg for a small website that just wants an HTTPS URL. But they can also be a dragon in disguise, causing a lot of trouble down the road.

While some free SSLs can be great, you need to do your research. Here are some of the pitfalls of free SSLs:

  • Many are short-term (e.g. 30 or 90 days), meaning you might need to renew them frequently or purchase a pricey option at the end of the “trial period.” (Many providers do offer automatic certificate renewal, so it’s something you need to look for.)
  • They do not come with a warranty that protects customers against a validation breach.
  • They can be complex to install, requiring advanced server management skills.
  • Some require shell or SSH access into your hosting account and cannot be installed via cPanel or similar user-friendly dashboards.
  • Most don’t come with support to help you with the installation and authentication process.
  • They only provide the Domain Validation (DV) option.
  • Some use shared certificates. In these instances, one certificate is used by multiple websites, and because none of the users actually owns the certificate, none can be completely confident in its security. In contrast to free SSLs from CDNs, paid providers offer private SSLs and users own their certificates.

Something else you need to watch out for with free SSLs is ‘self-signed certificates’ that are not issued by a Certificate Authority. Self-signed certificates are SSLs that provide no validation and are signed by the issuer’s own private key rather than an independent authority. This is the equivalent of letting a dragon tell you he’ll protect your website against other dragons.
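
The two checks discussed above, short certificate lifetimes and self-signed certificates, can be run with the openssl command line. This is an added example, not part of the original article; the demo CA, the shop.example.test hostname and all files are constructed, and a one-file trust store stands in for the browser's.

```shell
#!/bin/sh
# Added example: every name, hostname and file here is constructed for the demo.

# True if issuer and subject name hashes match AND the certificate's own key
# validates its signature, i.e. no independent authority vouched for it.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ] || return 1
    trusted_by "$1" "$1"
}

# trusted_by CAFILE CERT: true if CERT chains to a trust anchor in CAFILE,
# which stands in for the browser's trust store.
trusted_by() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# expires_within_days CERT DAYS: true if CERT is expired or expires within DAYS.
expires_within_days() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# make_demo_certs DIR: writes a constructed CA (ca.pem), a 90-day certificate
# issued by it (leaf.pem) and a 90-day self-signed certificate (self.pem).
make_demo_certs() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Constructed Demo CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=shop.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 90 -out "$1/leaf.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=shop.example.test" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_certs "$demo"
for c in leaf self; do
    is_self_signed "$demo/$c.pem" && kind="self-signed" || kind="CA-issued"
    trusted_by "$demo/ca.pem" "$demo/$c.pem" && t="trusted" || t="NOT trusted"
    expires_within_days "$demo/$c.pem" 30 && e="renew now" || e="over 30 days left"
    echo "$c.pem: $kind, $t by the demo store, $e"
done
rm -rf "$demo"
```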

Beware of SSLs in Sheep’s Clothing

When it comes to choosing a good SSL, price isn’t the only consideration. You also need to think about where you’re getting the certificate from.

When choosing your SSL provider, there are several things to look for:

  • Who is the Certificate Authority the company uses for their certificates? You want to go with a name that’s well-regarded and trusted, such as Sectigo (formerly Comodo), and which works with all common browsers and operating systems.
  • What kind of support and documentation does the company provide? Setting up SSLs is not always a simple or intuitive process, and if you need assistance you need somewhere to turn. Look for a provider that offers 24/7 support so you know there’s someone available when you install the certificate as well as later on if something goes wrong.
  • Does the provider make SSL management easy and straightforward? They should offer easy renewals, warnings for expiring certificates, and a dashboard to view all of your certificates. Having this information at your fingertips will help prevent nasty surprises later.
  • Does the company provide information about each certificate to help you make the right decision for your website? You’d be surprised at how common it is to get a dozen options with no documentation anywhere to help you choose between them.
  • Do they also offer domains and hosting? While this isn’t a deal-breaker, it’s a lot easier to install and configure SSLs when the certificate is provided by the same company you use to register your domain and host your site. Plus if everything’s in one place, support staff can go a lot further to troubleshoot issues if things go wrong. At Namecheap, we can even assist you with installation if you get in touch!

Don’t Trust a Dragon with Your Website

In the end, when you’re shopping for SSLs, you have a lot of options. We’d like you to consider Namecheap. We offer a wide variety of competitively-priced SSL certificates to meet all of your security needs, along with detailed explanations and excellent support. And if you’re a new Shared Hosting customer, we’ll throw in up to 50 PositiveSSL certificates for free!