Do I need an SSL certificate?

The Short Version

It’s never been more important for your website to have a secure socket layer (SSL) certificate. There are free and premium (paid) versions of these. Free versions are a simple domain validation (DV) SSL certificate. These DV certificates are only suitable for securing low level websites and not for any type of business.

Premium SSL certificates are a better choice for websites in which reputation and revenue are a primary concern. Premium certificates ask for greater proof of ownership and that is reflected in their organized and extended validation. This makes them the better choice for eCommerce, healthcare, banking, social media and any other website in which user data is collected and used.

The joys of a cheap and open Internet means It’s never been easier for people to create a personal website or open an online business. This is a great thing, with one caveat: the rapid rise of hacking attempts and identity theft. With each passing day, website visitors are becoming more aware of internet security, in particular, website encryption.

This growing concern among users is why Google announced their HTTPS Everywhere initiative in 2014. This adjustment to their algorithm resulted in “HTTPS” (SSL secured websites) receiving higher rankings in search results compared to non-secure sites with the same content. As you can imagine, this made, SSL certification a top priority for online businesses and the web developers responsible for them.

However, the debate remains between developers and companies who still cannot decide between installing one of the commonly-available free SSL Certificates or purchasing a paid SSL Certificate from a trusted SSL provider.

You might have installed a free SSL certificate in the past and at this point, you’re wondering if upgrading is the right choice for your site. You may never have heard of one until a few minutes ago and are wondering what you should do. No matter what the case, you've probably noticed that they come in different forms and prices. There are free and paid SSL certificates and depending on the features that come with each one, there can be a substantial cost difference.

There's no question that free SSL certificates offer a great opportunity for many website owners to protect themselves and their users. However, they are constrained in what they offer.

Over the course of this article, we'll discuss their constraints. We’ll then take a look at the differences between Free and Paid SSL Certificates to help you decide the kind of SSL Certificate best suits your website’s security. Follow this article you’ll have the all facts you need to equip yourself with the right tools for the job.


Free vs. Paid SSL?

Let’s begin with the basic question: what is the difference between free SSL Certificates and the paid SSL Certificates offered by companies like Namecheap? You might be surprised to hear that there is zero difference between free SSL certificates and those you can pay for — when it comes to their level of encryption. The key differences between free and paid certificates come down to the level of trust behind the certificate, and features included in each type of certificate.


Free SSL Certificates - Are They Enough?

Some organizations often do not have sufficient financial resources to afford a premium SSL certificate. Fortunately, companies like Let’s Encrypt, CloudFlare, SmartSSL, and Amazon offer free SSL certificates. These service providers’ certificates give website administrators the most basic security features and access to HTTPS. The purpose of offering free SSL started as an initiative aimed at encouraging websites to switch to the secure HTTPS protocol. This initiative received the support of search engines including Google and Bing, popular browsers Mozilla and Google Chrome, social network Facebook and many others.

Let’s Encrypt are one of the most popular providers of these free certificates They’re an open source project with the goal of creating a 100% encrypted Web. This certificate authority (CA) has rocked the CA industry in recent years by offering free Domain Validation (DV) SSL certificates to any qualifying site. The benefits are threefold for their users: a site is secured, visitors have peace of mind, and site administrators have to spend a dollar. It’s an understandably tempting proposition.

Readers who've set up an SSL certificate before will know that the process could stand to be simpler. On launching, one of Let’s Encrypt’s major goals was to simplify the process of obtaining and installing an SSL certificate. To that end, they’ve been a great success. Their accessibility has made them incredibly popular. The certificates are quick to set up, they’re convenient, and they’re appealing to bloggers and other web users who typically don’t process payments online. They not only save you a lot of hassle, but it also means you won’t have to pay for yearly renewals.

Here’s a breakdown of the most beneficial features free services such as Let’s Encrypt offers:

  • Heightened security - Any SSL certificate allows you to use the HTTPS protocol throughout your website.

  • Less hassle - Adding and renewing certificates can be a bit of a process, but Let’s Encrypt keeps things simple.

  • SEO advantages - Search engines such as Google are strongly encouraging website owners to use the HTTPS protocol on their sites. In practice, this may translate to better SEO results.

At this point, using a free SSL CA might sound like the perfect option. While there are clear benefits to using free SSL services such as Let's Encrypt, that doesn’t mean you shouldn’t consider other options.

Types of Free SSL Certificates

All free SSL certificates are Domain Validation certificates.

Domain Validation (DV SSL) certificates provide the lowest level of certification available. To issue a DV certificate, the issuing authority will only verify the owner of the domain name. This is usually done by email, but it’s possible by telephone or alternative methods. After validation, the certificate is issued and users can be certain that data is sent securely, and that the domain is authentic. In fact, often the process is entirely automated, which accounts for why they are so much cheaper than EV SSL certificates for example which requires a degree of human work to issue.

While domain validation certificate verify the consent of a domain owner, they don’t make any effort to verify who the domain owner is. Since, the real identity of the website owner is not validated, it’s not mentioned on the certificate. Due to the manner the domain is validated, this certificate is open to man- in- the middle and phishing attacks. For this reason, major players in SSL don’t supply domain validation certificates.


Downsides of Free SSL

Free SSL providers only offer Domain Validation certificates because these are cost-free and can be issued quickly. While this can be a great fit for a small website or blog, it’s not the best option for larger websites or those collecting personal information about their users.

Unsuitable for e-commerce  websites

Free Certificates are domain validation only which means they don't certify the identity of the website owner, they simply ensure a secure connection. Customers can't be sure of the integrity and trustworthiness of the website owner. If you need to secure credit card and personal information on e-commerce websites, free certificates aren't the answer. It's important your customers trust your business is safe enough to hand over these details. To gain this trust, you need a certification of your authenticity, which you can only get with a (paid) Business Validation or Extended Validation SSL Certificates.

May damage customers trust

As a consequence of having a basic free SSL certificate, your customers may not trust you. It might appear that you aren’t willing to invest in an SSL Certificate issued by a reputable Certificate Authority. Any lack of trust from your visitors will affect your reputation, and profitability.

Limited customer support

Free SSL issuers provide limited customer service and rarely dedicated support, so issues aren’t resolved promptly. The types of companies that offer SSL Certificates for free, or include them among other services that they offer, are less likely to provide adequate customer support. Even if they have dedicated support channels, it's unlikely they reply or resolve issues in a timely manner, which is crucial for your website’s security. Waiting for a solution to even a small problem can have negative effects on your website and business.

Constant renewals

Most free SSL Certificates are issued for around 90 days which means they need to be renewed each time this short period lapses.

Limited usage

There can be awkward limitations to free SSL certificates. The free SSL Certificates provided by Amazon are only available to users located in North Virginia, Oregon, Northern California, and São Paulo. This is an inconvenience for companies activating outside those areas, and as a further barrier to entry, their free SSL Certificates can be installed only by Amazon customers. They must be using Elastic Load Balancers and Amazon CloudFront - making it impossible to install free Amazon SSL if you are using an alternative hosting company.


Premium SSL Certificates - Are They Worth It?

As we’ve mentioned - as far as the level of encryption is concerned, a free SSL certificate provides the same as a paid one, which logically begs the question: Why should I pay for the same certificate when you can get it for free? Here’s why:

Paid certificates are issued and signed by the most trustworthy certificate authorities (CA). You either get it directly from the certificate authority’s website, or you can purchase conveniently from companies such as Namecheap.

Paid certificate authorities go by many names, including “paid,” “premium” and “commercial.” They offer the full range of SSL certificates types such as Business Validation, Wildcard, Extended Validation or Multi-Domain SSL provided by a variety of trusted CA’s such as Comodo. To get hold of one of these certificates, you need to prove your legal credentials. Extensively proving you and your business are legitimate is worth it. Your paid SSL certificate will have strong trust signals to give your site browsers peace of mind.

Types of Premium SSL

Alongside domain validation, commercial CA’s offer a variety of premium SSL certificate types including:

Benefits of Premium SSL Certificates

There are many reasons why we'd recommend opting for a premium SSL Certificate. The most valuable benefits include:

Well recognized

Certificates issued by reputable authorities make a website seem more reliable. With paid certificates, clients may report any issue they come across to their CA, which is obliged to promptly investigate them. As a result, clients feel safer having their backs ensured by trusted CAs.

More choice

Paid SSL Certificates are issued in all three validation types — Domain, Extended, and Business Validation. There are even types based on the complexity of the website, for example, One-Domain, Wildcard, and Multi-Domain Certificates, and Code Signing SSL Certificates to secure downloadable software and digital goods.

Longer renewals

Paid certificates are issued for up to three years. This means your online business will stay secured for a long time without you having to concern yourself about the impending renewal of your certificate.

All server compatibility

Conveniently, premium SSL certificates are compatible with any hosting services as well as self-managed or dedicated servers, making it easier to set up.

Warranty protection

When you pay for an SSL certificate, you typically get a warranty. This acts as an insurance covering any damage should it incur resulting from a flaw in the certificate such as your site being hacked or data breach caused. The liability amounts range from $5,000 to $1,500,000, the higher the value — the more extensive the warranty is.

One of the most appealing things about premium certificates is the premium service. There’s no administrative burden or increased demand on developers; certificate owners just contact their providers for dedicated customer support. Besides helping out webmasters, premium SSL certificates carry a lot of weight with customers’ trust. Trust is something anyone in business should champion, especially those for whom eCommerce is important.

In any situation where you expect users to feel comfortable entering their credit card details or giving out personal information, paid SSL is a must. A premium SSL seal (green browser bar or padlock) will reassure consumers that they are doing business with a reliable company.


Difference Between Free vs. Premium SSL

There are six main differences between free and paid certificates.

  1. The number of options available

  2. Issuance and Renewal Processes

  3. Price

  4. Support

  5. Trust

  6. Warranty

Paid SSL certificates have been around for a some time now. Like free SSL, they are necessary to safeguard your website and protect your clientele. The key difference between commercial certificate authorities and free versions is that commercial CAs have far more expertise in managing the constant cyber threats that jeopardize website functionality. Compared to free certificates, the level of validation that paid CAs require acts as a strong trust signal.

When it comes to your website’s security, you get what you pay for. Although free SSL certificates pose an attractive solution, they come with certain drawbacks. On the other side, there are paid SSL Certificates with options available that offer a wider range of benefits. Despite their cost (which isn't significant when compared to the amount of security they offer you and your visitors) they are the only way to appear trustworthy online.


Should you go with Let’s Encrypt or a Commercial Certificate Authority?

Let's get down to what matters. Does it make sense to pay for a premium certificate issued by a commercial CA when free ones are readily available? The answer depends on the purpose of your website and how much you value the trust of your users / visitors.

Modest site owners might get by making sure their visitors will trust their site thanks to an HTTPS connection while avoiding the embarrassing warning in Chrome. In this case, a free certificate such as Let’s Encrypt will probably do the trick. Users will have a clear signal that nobody can interfere with the content of your website during transmissions, and that no one can display adverts on your pages.

As a general rule of thumb: if your website asks for any confidential information, use a premium SSL certificate from a reputable, commercial CA. Above all, it's your responsibility to maintain the confidentiality of the information provided by your users, and for keeping their data secure. The only way to guarantee that is through a paid certificate.


Summary

Leading e-commerce websites could use free certificates, but they don't because of the reasons discussed. Purchasing SSL certificates can help conversion rates because they implant an element of trust in your customer’s mind which can be the different in making a sale. Although you must pay a bit for it up front, you're putting the groundwork into reaping the benefits later. While a small blog or website could benefit from the added security from a free certificate, when it comes to real business, this should be a no-brainer.

Above all, using a premium certificate gives your users clear signal that you care about security and your site is legit, and in the process inspiring more confidence to buy your products and use your services.

You may also like

Need help? We're always here for you.

× Close