No need to buy SSL certificates – they’re free!

Posted by HostAsean Editor on 01 07 2019. in E-Commerce & Online Payments, Website Security

You need an SSL certificate on your website, that’s not up for discussion. But we have decided not to sell SSL certificates anymore except in special cases. Why? You don’t need to buy an SSL certificate because we already give you one for free. Read on to find out more about our free SSL certificates and how to use an SSL certificate to secure your website.

Google’s quest for a secure web – all the encouragement you need to get an SSL certificate

Starting in February 2018, version 68 of Google Chrome started marking non-SSL websites as insecure in the browser address bar. This affects any website that still uses the “http” protocol rather than “https” (the “s” stands for “secure”). Since then SSL certificates have been a hot commodity, but in most cases you don’t actually need to buy an SSL certificate – any good web hosting provider will offer a free automatic certificate included in your hosting package.

All our web hosting plans come with free SSL certificates that are generated and renewed automatically. You don’t have to do anything – just sign up for a web hosting account with us and the SSL certificate will be installed and ready for use within about 15 minutes. After that it’ll be renewed indefinitely. Automatic security for your website, you can’t beat that.

What’s the free SSL certificate that you offer and what does it cover?

The free certificate is installed automatically for every new web hosting account. This covers your main domain name (www and non-www) plus any and all subdomains that you create in your account. It’ll even generate a free SSL certificate for your add-on domains. Basically, any website or apps you host within your cPanel account will be automatically secured by https.

The free SSL certificate is issued by cPanel and the Comodo certificate authority. It is a domain validated (DV) certificate offering the same level of encryption as standard paid certificates.

The only things it doesn’t do are validate the business or organisation behind the certificate, provide a monetary warranty for e-commerce transactions, or provide the “green bar” that an extended validation (EV) certificate offers. These higher levels of validation and warranties are the only reasons you might choose to buy an SSL certificate.

What if I need an organisation validated (OV) or extended validation (EV) certificate?

If you know that you need one of these, then you already know that you can get these higher end certificates direct from the certificate authorities (CAs) with direct support and often better pricing than we could offer. For OV and EV “green bar” certificates you’ll also need to get the required documentation ready to validate the business behind the domain name. This process is simply easier to do direct with the certificate authority. There’s no benefit to you from buying through a middleman. You can buy your OV or EV SSL certificate anywhere and install it on your web hosting account on our servers, or any other servers that you manage in your organisation.

How about wildcard certificates to secure my subdomains?

Wildcard certificates are another case where you might choose to buy an SSL certificate. These are great for businesses with larger systems that need to secure multiple subdomains spread over several servers. If all your subdomains are hosted on our cPanel web hosting accounts then they’ll be automatically secured by our free certificates, so you don’t need to buy a wildcard SSL certificate for this – only if you are also using it on other servers.

Using your free SSL certificate

Your free SSL certificate will be ready to use within about 15 minutes of setting up your account. Though in some cases it may take longer if your domain name has not yet propagated – just contact us if you have any questions on this.

To test your SSL certificate just visit https://yourdomain.com and you should see the padlock icon show up in the browser address bar. This means your SSL certificate is ready to use. But you might still need to do some configuration on your website itself.

Mixed media SSL errors

This is something to watch for when implementing a SSL certificate. It’s often not as simple as just typing in a different “https” URL to visit the secure version of your website. You need to ensure your website loads all resources – scripts, stylesheets, images – from a secure “https” location too. Basically, if a web page is https then everything loaded on that page must also be https.

In WordPress the best way is to run a database query, the most thorough and easiest method is by using WP-CLI’s search and replace function, which also replaces data embedded in serialised strings. If you don’t have access to WP-CLI then you can run some SQL queries in phpMyAdmin. This updates all your links and image source URLs to use “https” and ensures all content you load on your page is from the secure version.

There are also WordPress plugins for this such as Really Simple SSL, but if possible we recommend the database method as the proper way to do things as it doesn’t add bloat to the site.

We often switch customers over to “https” under our ongoing website maintenance plan, if you’re looking for expert website management and the best security then find out more about our ongoing Support & Maintenance plan. Just contact us if you have any questions about our free SSL certificates, or anything else related to website security.