Do You Still Need to Buy SSL Certificate in 2017?

SSL Certificate is important, and in a month from now, it’s about to become even more important. In October, any visitors who came to a site that has any kinds of input form (comment box, contact form, whatever) without SSL certificate installed and their connection encrypted, will receive a warning from Google that the site they are visiting is insecure.

That, of course, can be really bad for business. So it’s understandable that people have been looking to get SSL Certificate installed and force their site to always use SSL. Unfortunately, there are many people out there who know that the typical user might be confused about which SSL they need to get and trying to profit out of this urgency that these users have.

In short, a typical website does not need to use paid SSL Certificates. What you need is simply a domain-validated (DV) SSL Certificate, and in 2017, both cPanel and Let’s Encrypt now issue them for free.

This might still be a bit confusing, so let us break it down even further:

Types of SSL Certificates

There are three types of SSL Certificates. Domain Validated (DV), Organization Validated (OV), and Extended Validation (EV).

They are mainly different based on how they are validated. With domain validation, the validity of SSL certificates installed on your site is verified by the Certificate Authority (CA) accessing your domain and making sure that you have the right to use that specific domain name. Organization Validated and Extended Validation refers to a more comprehensive type of validation, in which the CA will conduct a more thorough vetting of the existence of the organization behind the site.

Now, these 3 types of SSL certificates used to all require money to get. But with the increasing need for security and encryption around online communication, major internet organizations have come together to support an initiative to create a Certificate Authority that can issue SSL certificates for free. This new CA is called Let’s Encrypt.

Let’s Encrypt & Your Hosting Providers

Let’s Encrypt can issue a domain validated SSL certificates for free, and this is what the typical website will need. The even better news is, many hosting providers now integrates Let’s Encrypt with their control panel, and automatically issue SSL certificates for all domains that are active on their servers.

One of these hosting providers that automatically issue and renew SSL certificates powered by Let’s Encrypt for you is HostPapa. When you purchase a hosting plan with HostPapa, once you have the domain active and is pointing to HostPapa, the server will then issue an SSL certificate for your site. You don’t have to do anything else or spend additional money.

SSL Status on HostPapa. Valid Certs are freely renewed by cPanel Auto SSL every 3 months.

You can check whether your hosting providers without you knowing has issued an SSL certificate for your site by checking your domain using tools like SSL Checker.

If your hosting providers still do not offer free SSL certificates in 2017, I do really recommend switching as you really don’t need to spend additional money to get SSL certificates installed.

My Hosting Provider Has Issued an SSL Certs for Me But My Site is Still Showing as Insecure!!

This is a typical reason why many people still purchased an SSL certificate even though their providers already gave them free SSL. The reason why your site is still showing as insecure even though it’s showing it has SSL installed on SSL Checker is that you haven’t configured your site to use SSL.

For SSL to work properly, you need your site to only be accessible through the https:// protocol. If your site previously is configured to work on the http:// protocol, you need to configure redirection. You can do this by simply adding this line of code on your .htaccess:

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
If after you did this redirection and add the block of code in your .htaccess your site is still showing as insecure, you might have links in your website code written to use http://.
These are known a as mixed content warning. You need to edit these http:// links manually to https:// in order to no longer get this warning.
Using wordpress? It’s even simpler to force your site to use SSL. Just install a plugin like Really Simple SSL, and you will see your site is now configured to use SSL in no time. Welcome to 2017, where SSL is free and your site is more secure because of it.

You Might Also Like:

AuthorGagah Putra Arifianto

I've been working in the web hosting industry since 2009. Been helping people get their website online since i was 14.