Hey guys, we have been asked several times recently about whether you should be concerned with domain companies and hosting companies claiming they offer free SSL certificates.
Why SSL is important?
And what about some companies who say you get free SSL for the first year, versus companies who say you get SSL forever free? What does it mean in a practical sense? And do you even need SSL on your website? Well, the simple short answer is yes, you need SSL on your website. You require an SSL certificate even if you are not taking card numbers or having login pages where people enter usernames and passwords, The Google search algorithm prioritizes sites that have an SSL certificate.
Google feels so strongly about sites having SSL that now any sites that don’t have them display a not secure warning within the Google Chrome browser. Where sites that offer SSL will just display the lock icon. Google has been shifting the narrative of SSL from something you use for extra security to being the new standard, where if you don’t have one, your site is suppressed in the algorithm and labeled as not secure.
SSL charges by Godaddy and other registrars
So yes, there is no thanks to spin it your website needs an SSL certificate. Now recently, once I did my GoDaddy web hosting review, I saw that they’re charging 667 a month for an SSL certificate. There are numerous people that pay a minimum of something for an SSL certificate because they know it is a priority and that they figure it just costs money. Well, in the past, it did. It wasn’t unreasonable to pay 10 plus dollars per annum for an SSL certificate. But today, there’s little reason to buy SSL.
That’s mainly because of Let’s Encrypt, a nonprofit certificate authority providing free SSL certificates to everyone. A lot of web hosts I recommend already work directly with Let’s Encrypt to give you free SSL certificates for your website. Hosts like Cloudways, WPengine, and DreamHost offer direct integration with Let’s Encrypt, so you can simply click a button in your panel and get your free SSL certificate.
About SSL certificate market
Still, tons of hosts don’t offer integration for this. for a few hosts, it’s because they haven’t gotten around to adding it yet. And for others, and this is often the large reason, it’s because they might rather sell you an SSL certificate and make extra money . and that is just the sad truth of the hosting industry. But there’s actually a workaround to the present problem. and that is to use Cloudflare. Cloudflare may be a free content delivery network, security firewall, and external DNS system that
I’ve talked about it before on this channel. it’s very liberal to use, and that they actually offer a variety of options to urge SSL on your website for free of charge even for hosts that do not support Let’s Encrypt. Just by fixing Cloudflare together with your website, you’ll use what’s called flexible SSL.
This is where traffic is encrypted from the Cloudflare servers to your browser, which is sufficient enough for the browser and Google to recognize your site as secure and present the lock icon. This method of free protection is easy to set up and is perfectly legitimate if you’re using SSL to display the lock and satisfy the Google algorithm.
What about free SSL security?
But if you are taking card numbers or having a member login area on your website, I would recommend having a full SSL solution. This is where all the traffic from your web host through Cloudflare and to the browser is fully encrypted. This is the type of full SSL you receive for free via Let’s Encrypt on hosts like Cloudways and WPengine. The good news is CloudFlare still makes it easy to set up even if your host wants to charge you for an SSL certificate. You can download a free SSL certificate from Cloudflare and install it on your web hosting account so you’ll never have to pay a dime ever for an SSL certificate.
Okay, so if there are so many ways to get SSL for free, then why would you ever want to pay for one? if you go to a site like SSLs.comm you’ll see these different brands of SSL certificates for different prices. There’s this one from PositiveSSL for 377 a year, then there’s this one from PremiumSSL for $104 and 88 cents a year. So the PremiumSSL one must be way more secure, right, right? Nope, an SSL certificate is an SSL certificate. And when we take a look at the spec sheet, we see that both certificates have the same exact encryption in security standards.
Difference between free and premium SSL
The difference, the premium SSL offers a $250,000 warranty if the encryption gets compromised, where the cheap certificate offers a $10,000 warranty. Additionally, the expensive certificate requires your organization to be validated for you to get the certificate where the cheap one uses an automated system and anyone can get their hands on it. So if you’re following along, the only reason to pay for an SSL certificate at all is to get insurance on it.
If you are doing high-risk stuff like making an online banking platform or something, this might be appealing to you. But even then, wouldn’t you have liability insurance on a way higher level? And what good is $250,000 of insurance going to do for you at that point anyway? That’s like the FDIC insurance cap of one bank account. But hey, for kicks and giggles, I wanna look to see what kind of warranty GoDaddy offers on their $80 a year SSL certificate, which is the cheapest one you can buy through GoDaddy. And the survey says you get a $100,000 warranty. At least you’re getting something for your $80. I don’t know. To me, I personally don’t see the point of paying for an SSL certificate.
Let’s Encrypt free SSL
I haven’t paid for one in years since Let’s Encrypt became mainstream and I use Cloud flares flexible or full SSL solutions for 100% of my websites. So what do you guys think of paying for an SSL certificate? Is it something you would do or are you going to try the free methods I pointed out in this video? I’d love to know your thoughts in the comments down below. And if you liked this video, do be sure to hit that subscribe button and click the bell so you don’t miss it when I release new videos. With that said, I’ll catch you guys next time.