Quick Links
Would you shop at a store where anyone could take a peek at your credit card number?
Our guess is that you wouldn’t go anywhere near it.
Yet, that’s what it’s like shopping at an online store that doesn’t use SSL/TLS encryption (HTTPS).
That’s why HTTPS has become the norm for virtually every website online – and you need to get an SSL certificate to use it.
It’s largely replaced HTTP, although there are still PLENTY of websites online that have yet to make the switch.
How do you know if a website uses HTTP or HTTPS?
All you have to do is check for the tiny padlock symbol in your browser bar next to the URL.
Besides the padlock, the URL will also begin with ‘https,’ which is how you know your connection is secure.
If there’s no padlock and you see ‘http,’ your connection isn’t secure.
HTTP has become so frowned upon that popular web browsers like Google Chrome will flag sites using it as ‘not secure,’ complete with a warning message for users to continue at their own risk.
If you’ve recently started a website or blog, you DEFINITELY want to get an SSL certificate, lest ye be shunned by the internet at large.
As a bonus, HTTPS is a lightweight ranking factor, so using it will help your SEO.
Read on to learn how you can get an SSL certificate for your website without paying a dime.
Understanding SSL, TLS, and HTTPS
Given all the acronyms, it’s easy to become confused when discussing things like SSL certificates, TLS encryption, and HTTP/HTTPS.
Here’s a quick breakdown of each term:
- SSL (Secure Socket Layer). A secure socket layer makes it possible to establish a secure connection between a website and a browser by encrypting the data (scrambling it so it doesn’t make sense). It can also securely connect two servers. With all the data encrypted, hackers won’t be able to access sensitive personal or financial information.
- TLS (Transport Layer Security). TLS is an updated version of SSL that’s even more secure. However, since SSL is such a common term, everyone still calls them SSL certificates (even though they all use TLS now).
- HTTPS (Hypertext Transfer Protocol Secure). HTTPS is the transfer protocol used whenever a website has an SSL certificate, and it appears at the beginning of a URL. Users can also click on the padlock symbol to view more information about the SSL certificate (try it out on this web page if you want).
To summarize, SSL is now outdated, and all SSL certificates use TLS instead. Since TLS hasn’t entered the lexicon yet, people still stubbornly call them SSL certificates.
Why Do SSL Certificates Matter?
We’ve already mentioned that browsers like Chrome display a warning message before directing users to HTTP websites.
Despite this, there are still websites that use HTTP even now, especially lots of international websites.
For example, China’s most popular search engine, Baidu, does not use a secure connection. Whenever you visit the website, you’ll see a padlock with a red line through it next to the URL – meaning that your data is not secure.
Google doesn’t like HTTP at all, which is why HTTP sites almost never appear on its search engine results pages (SERPs).
They even use what they call default HTTPS indexing, which means if a site has two versions using two different protocols, Google will always index the HTTPS version above all others.
So, if you want your website to stand a snowball’s chance in hell of ranking in the top 5, an SSL certificate is an absolute necessity.
Besides improving your SEO, there are plenty of other ways having an SSL certificate will benefit your website.
They’re invaluable for eCommerce stores
Since SSL/TLS ensures a secure connection between your server and your users’ browsers, all their sensitive information gets encrypted.
That means if a mischievous hacker tries to take a peep at one of your transactions, all they’ll see are scrambled numbers and letters.
For your own sake, you should never shop at an online store unless you see the padlock symbol next to the URL. Otherwise, any data you enter into the site (credit card numbers, email addresses, social security numbers) is at risk.
Whenever shoppers see that your connection is secure, it’ll put their minds at ease, and they’ll be far more likely to trust your brand.
If you try to build an eCommerce store without an SSL certificate, you’ll practically vanish from the SERPs, and your users won’t want to put their data at risk to buy whatever it is that you’re selling.
Added protection against hackers
As a site owner, you need to protect your login credentials with your life. Should a hacker uncover your username and password, they could enter your website and do whatever they please.
Luckily, an SSL certificate drastically reduces the chances of this happening due to encryption.
If a hacker tries to take a peek at your sensitive information, the TLS encryption will jumble the data to the point that it’s indecipherable.
Meet PCI standards
Any website that wants to enable card payments (debit and credit) must first meet the requirements laid out by the PCI (Payment Card Industry) Security Standards Council.
One of these requirements is that each website must have an SSL certificate for a secure connection.
If you aren’t using HTTPS, you won’t be able to accept card payments on your website, which is a huge downside.
Ways to Get an SSL Certificate for Free
Now that you know why SSL certificates are necessary, it’s time to learn how to get one.
The good news?
Since HTTPS is so widespread now, it’s extremely easy to get an SSL certificate for free.
While there are still commercial SSL certificates that cost money, they aren’t necessary for most website owners. That’s because the level of encryption you get with a paid SSL certificate is exactly the same as a free one.
Wait, why would anyone pay for one, then?
Some sites pay for SSL certificates due to other perks, such as better customer support, the ability to secure more complex systems, and more validation options.
Using CloudFare
At The HOTH, we use the free SSL certificate we got from CloudFare.
They were actually the first-ever company to offer free SSL certificates, as they launched their Universal SSL back in 2014.
To claim your certificate, all you have to do is sign up for a free CloudFare account, which will also provide your site with the following performance benefits:
- Protection from DDOS attacks
- Filters out most spam attacks
- Protects against comment spam (VERY useful for your forum and blog comments section)
- SQL injection protection
Here’s what you need to do to snag your free SSL certificate.
First, head over to the CloudFare website and click the Sign Up button.
Once you’ve created a basic account, it’s time to add your website to CloudFare.
From there, CloudFare will scan your website to uncover your IP information.
Next, you’ll need to select a package (select the free version if you don’t want to pay anything).
Lastly, CloudFare may give you some settings that you need to change with your registrar or hosting company for the platform to work correctly.
Once that’s done, voila! You now have a free SSL certificate, as well as protection from most spam attacks and a rock-solid CDN (content delivery network).
We feel this option is the best for most site owners, as it’s completely free and provides an overall security boost to your website. What’s not to love about that?
Other methods besides CloudFare
If you don’t feel that CloudFare is a good fit for you, or if you’re already using another CDN – there are other ways to obtain SSL certificates for free.
Services like ZeroSSL and LetsEncrypt both offer free SSL certificates, and they work with most hosting providers.
If your website is hosted on cPanel, you’ll get a free certificate from them using AutoSSL.
You won’t have to worry about filling out forms or copying certificates into place. Instead, AutoSSL takes care of everything for you, including installation and renewal.
All you have to do is enable AutoSSL, and you’ll automatically have a free, domain-validated SSL certificate for your website.
The website SSL For Free is another option, and all you have to do is enter your domain name to get started. Their site also contains lots of tutorials covering SSL certificate verification, installation, and renewal – which is a helpful resource.
It really doesn’t matter which method you use as long as you wind up with a verified SSL certificate for your website.
Once you have one, you’ll enjoy better visibility on search engines. Also, Google Chrome won’t warn users about your site, and the secure connection will protect your data from hackers.
Start Protecting Your Website’s Data for Free
That’s all it takes to start using an SSL certificate on your website, and the benefits of doing so are almost too many to count.
HTTPS is by far the norm these days, so using HTTP will make you stick out like a sore thumb. Most users won’t trust your site, and there’ll be an unsightly red line through the padlock symbol.
That’s why it’s worth taking the time to install a free SSL certificate.
If you need help with the technical side of your SEO strategy, including site security, don’t wait to check out our five-star Technical SEO Services.
Hey Guys, I love it when I learn something new. Best part, this was a short and sweet article. Kudos to you! I looked at my JustHost options and could not see any offering for a decent SSL option. They have a shard version but the web address starts with XXX.justhost or something like that.
I wasn’t aware that Cloudflare offered a free option for SSL. Do you know if it’s per person or can you secure multiple websites?
Thanks,
Jim
Hey HOTH Team,
I got our website’s SSL certificate from GoDaddy.
So sad, I only read about this today.
I could have saved a few bucks, LOL.
Anyway, the good thing is our site is now on https.
But when I enter or keywords and click on our website on the SERP, I still
see the http version…
What am I missing please?
Thanks!
Google has some documentation here – https://support.google.com/webmasters/answer/6033049
Basically you’ll want to add the https version to your search console – https://support.google.com/webmasters/answer/34592?hl=en
Cheers!
Thanks for the info on SSL.
This was extremely helpful! I’ve been referring to you guys (and singing your praises to others) since I’ve started working on my business about a year ago. It’s easy to understand, to the point, and just awesome in every way.
Thanks for all y’all do!
Thanks!
Nice. Been thinking about making the move to SSL. This is just the right motivation I needed.
Thanks for the info. Just did it through the whm and cpanel.
Don’t forget to redirect http to https using htaccess. i found this code.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
SSL has become really simple and cheap. In Germany there are still many providers who charge 100€ per year. I can imagine that this is becoming increasingly important.
It also creates a lot of trust in my opinion.
Many greetings
Mike