Visiting an unencrypted website is nerve-wracking — especially when you’re thinking about providing personal information. On the one hand, I really want this pair of pumps embellished to the nines with Swarovski crystals. On the other hand, the lack of a paid or free SSL (secure socket layer) certificate attached to the website makes me wonder if the shoes outweigh the potential risk of having my credit card information compromised. (Spoiler: it doesn’t.)
Like most internet users, I value my security. And if your site doesn’t have an SSL certificate attached to it, I’m going to think twice about handing over my email address or personal info. As a small business owner — or any website owner for that matter — who might require such information, an SSL is a must-have.
Knowing you’re in need of an SSL is only half the battle — now you have to pick one. For the most part, you’ll be looking at a free SSL or a paid SSL. What’s the difference? Is one more suitable than the other? Let’s break it down.
Paid SSL certificate
Paid SSLs have been around for a while. You can purchase them from a number of retailers, and they (like free SSLs) are used to safeguard your website and protect your clientele.
A few things to consider
Liability protection. In general, if your purchase an SSL certificate, you’re going to get better liability protection than you would if you were to use a free SSL. If you’re an eCommerce store, think of this as insurance for your business.
Organization Validation (OV) and Extended Validation (EV). In addition to validating the domain like a regular SSL, an Organization Validation SSL validates the organization behind the website. Extended Validation SSLs take website security a step further with a rigorous vetting process that enables them to have the signature green address bar at the top of your browser.
Wildcard SSL certificates. Wildcard SSL certificates cover the primary domain name and all affiliated subdomains — all under one certificate. It’s great if you’re running a business with multiple servers.
Varying term lengths. Most places offer SSL certificates for one-, two- or three-year terms. Pick a length that suits your business needs and move onto the next task.
Increased SEO ranking. We’ve been suspecting this would happen for years, but Google confirmed it gives secure sites a ranking boost. If anything, that’s reason enough to add an SSL to your website!
Cost. First and foremost, SSL certificates can be expensive. They’re a necessary cost — especially if you’re selling products online — but it’s still a cost for your business. Evaluate your site and determine what kind of protection you need.
Time-intensive. If you’re not experienced with downloading certs, generating CSRs (certificate signing requests) or installing SSLs, it can be a bit daunting. If you’ve never done it before, call customer support.
Free SSL certificate
With companies like Let’s Encrypt and SmartSSL, free SSL options are popping up across the internet. They’re quick, they’re convenient, and they’re appealing to bloggers and other web users who typically don’t process payments online.
A few things to consider
Free. It goes without saying that free is appealing to many. SSL companies, like Let’s Encrypt and StartSSL, offer free domain validated (DV) SSL certificates.
Completely automated. There’s a reason Let’s Encrypt only handles DV SSLs — they can be generated swiftly and painlessly (no human effort required). Just remember this isn’t necessarily the case for DV SSLs at other companies.
Some places already include them. Recently, WordPress.com announced free HTTPS security for all custom domains hosted with them. That’s some serious news if you’re a blogger! Not only is it free, it’s already included.
Some are open source. For my tech readers out there, this is great news. Let’s Encrypt posts its code on GitHub, so if you run into issues and have the capability to fix it on your own, it’s totally doable.
Increased SEO ranking. Like paid SSL certs, free SSLs offer a signal boost. It has little do with the “free” or “paid” aspect and more to do with encrypting your site. Google and other search engines promote internet browsing over secure channels.
Strict term lengths. Some of the free SSL providers, like Let’s Encrypt, set limitations on their renewal process for SSLs. Unlike other certificate authorities, Let’s Encrypt only allows 90-day SSL certificates. That means constantly renewing and reupping as needed. (Note: SmartSSL’s free SSL certs are good for three years.)
DV SSLs only. Most free SSL providers only offer DV SSLs due to the ability to easily generate certs. And, as it stands right now, it doesn’t look like they’ll be adding Wildcards, OVs or EVs to their stock in the future as they require a human element.
Need tech chops. In general, places that offer free SSLs in addition to paid SSLs also have a customer service department — but you’ll likely need some technical know-how if you go with an SSL provider that doesn’t include customer support. GitHub is great — if you’re tech-savvy. There are community forums to browse if an issue occurs, but it’s a lot different from SSL providers that offer 24/7, phone, chat or email support.
Note: Need a little help installing a Let’s Encrypt SSL on Apache or Nginx? Check out these GoDaddy support articles:
It’s your decision
Regardless of how you do business online, you’re still at risk for getting hacked — even if you only collect the occasional email address. So when it comes to your customers’ security, take it seriously.
If you’re wavering between using a paid or free SSL cert, pick the solution that best fits your business. If you’re a blogger who’s only in need of domain validation, then go ahead and opt for the free certificate. If you’re selling products online, you’re probably better off with an EV cert. Take the amount of support you need into consideration. Are you tech-savvy? Do you foresee any complications? All things considered, just do right by your business — and by your customers.
Also published on Medium.