You Don’t NEED to Buy an SSL Certificate!

Your website needs an SSL certificate to engender trust in users and ensure you don’t leak your users’ private information. However, you don’t need to buy one. Instead, you should demand one for free from your web host. And if they don’t, you should switch hosting providers! But even with an uncooperative web host, here’s how to enable SSL on your site without purchasing an expensive certificate.


Why Do I Need an SSL Certificate?

Technology websites will give you many reasons to get an SSL certificate – like security, warranties, etc. But the REAL reason most of us need an SSL certificate is to comply with Google’s directive and ensure that browsers don’t display any scary warnings to users when they visit our website. Google has been beating the SSL drum for a long time. A blog post dated Feb 2018 said that starting in July, they would mark all basic HTTP sites as “not secure”. This means your users will see a big red warning on your site unless SSL is enabled. On browsers like Firefox, users will see a sign saying, “This website does not supply ownership information”. Here’s an image:

This Website Does Not Support Ownership Information

Moreover, Google has acknowledged giving a ranking bonus to SSL-enabled sites. These are the two big reasons why you need to implement SSL. Yes, there are more concrete reasons, like security, as well. But this is why you need to do it NOW. In 2018, no one should have to pay for basic SSL. Some providers, like GoDaddy, try to force you to purchase a certificate. They support neither Let’s Encrypt nor Cloudflare via cPanel, an integration that would let you get an SSL certificate with just a few clicks. Even so, you can install the certificates manually, as explained below, so there are ways to get one for free even when your hosting provider wants you to spend money. In this article, I’ll clarify a few questions about SSL and then explain how to get an SSL cert for free.

But My Blog Doesn’t Need SSL…Right?

Yes, it does! Let’s say your site doesn’t handle any sensitive information. It doesn’t even accept login requests with passwords. No credit cards, no personal info. Nothing. Does your site or blog still require an SSL certificate? Strictly speaking, you don’t need one. Again, this is blasphemy on most tech sites, but it’s true.

However, Google doesn’t distinguish between harmless personal blogs and other websites that sell stuff and collect customer data. They will penalize your site regardless of whether or not it contains sensitive information. Users who visit your website and see a dangerous red exclamation mark will ask themselves, “Is this site safe or not?” And you don’t want them to doubt your authenticity. So if you care about your blog and don’t want to scare users away, you should still get an SSL certificate. If you’re already familiar with SSL, what it does, and why you need it, you can skip to the part where I tell you how to get it on your site without paying anything.

What Does SSL Do?

Different SSL certificates do different things. But if you’re reading this, it probably means you just want a certificate that:

  1. Converts your site to “https” from “http”
  2. Gives your site the “green” look or the “lock” on the address bar of the browser
  3. Doesn’t display a warning message to your users

Here’s what it looks like when your site has SSL:

PayPal Green Bar EV SSL Certificate

A basic certificate that satisfies these requirements does two things:

  1. Ensures that the connection between your site and the user is encrypted
  2. Ensures that you actually control the domain

There are more advanced certificates that do a lot more – like checking if the organization can be contacted at a verified phone number. The more you’re willing to pay for an SSL certificate, the more verification takes place by a trusted authority. But as mentioned above, most of us don’t need all this. We just need a valid certificate to make our address bar go green, be accepted by browsers, and not be penalized by Google in the rankings.

Do I Need to Buy an SSL Certificate?

There are two easy ways to get an SSL certificate without buying one. The first method depends on your hosting provider and whether or not they make it easy for you. The second method will work for everyone. Here’s how to get an SSL certificate for your website without paying for it.

Method 1: Free SSL from cPanel with Let’s Encrypt

Some providers give you a free SSL certificate from Let’s Encrypt:

  1. SiteGround – click here for all SiteGround hosting discounts
  2. DreamHost – all DreamHost coupons
  3. Bluehost – list of Bluehost prices
  4. Hostgator – complete list of Hostgator coupon codes

InMotion, on the other hand, has its own free SSL option, even though they don’t support 1-click Let’s Encrypt. I asked them to clarify on Twitter that their AutoSSL solution covers subdomains: https://twitter.com/inmotionhosting/status/1015253473217179648. Here’s a tutorial on how to enable InMotion’s AutoSSL option. This is a table showing how much each hosting provider charges for SSL. No points for guessing which are the good ones!

| Hosting provider | SSL 1-year | SSL 2-years | SSL 3-years |
|---|---|---|---|
| GoDaddy SSL | $767.88 | $1907.76 | $3047.64 |
| Hostgator SSL | Free | Free | Free |
| Bluehost SSL | Free | Free | Free |
| InMotion SSL | Free | Free | Free |
| SiteGround SSL | Free | Free | Free |
| DreamHost SSL | Free | Free | Free |

You can read my tutorial on installing a Let’s Encrypt SSL certificate on cPanel via a supported hosting provider. The most famous free certificate authority is called “Let’s Encrypt”. It’s a collaborative effort between major organizations like Mozilla and Google to get SSL into the hands of everyone quickly and for free. Even though you can generate a Let’s Encrypt certificate manually and install it on your site, it’s a bit of a pain. To make it easy, they’ve teamed up with several hosting providers that offer Let’s Encrypt from within cPanel. If you see your hosting service in the list in the link, you’re in luck! These links will show you all these web hosts’ current discounts and coupons. If all goes well, you can be up and running with an SSL certificate within minutes.

Method 2: Free SSL Certificate with Cloudflare

If you haven’t heard of Cloudflare, it’s time you did. It’s an excellent free service that’s used by most big websites around the world. It protects your site from malicious threats and DDoS attacks and caches static content to reduce the load on your server. It’s pretty awesome. Cloudflare has offered free SSL functionality for all sites that have utilized its services for a while now.

While Cloudflare doesn’t install an SSL certificate directly on your site, it encrypts all information between it and the end user with its own Comodo-verified Cloudflare certificate. The hop between Cloudflare and your own server is a separate connection that this certificate does not cover. So as far as your users are concerned, they’re viewing your site over an SSL connection and won’t see any warnings. And Google will be happy too!

You can read my tutorial on converting your site to HTTPS via Cloudflare. Though I’m talking about a WordPress site in that article, the instructions are the same for any website. And if you haven’t signed up for Cloudflare, now is a good time to do so. Check with your hosting provider if they support Cloudflare directly from cPanel. If they do, installation of Cloudflare becomes much easier. If not, it becomes a bit more complicated, but still doable.

Method 3: Using a Cloudflare Origin Certificate for 15 Years

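Installing a Cloudflare origin certificate is the best way to enable SSL on your site for free. Normal Let’s Encrypt certificates expire every 90 days. However, a Cloudflare origin certificate is valid for 15 years. So you never have to worry about an error when Let’s Encrypt renews your certificate every three months. Keep in mind that an origin certificate is issued by Cloudflare’s own CA and is trusted by Cloudflare rather than by browsers, so it only works while your traffic is proxied through Cloudflare.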
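The 90-day lifetime only causes trouble when a renewal fails unnoticed. As an added example (not from the original article), this Python check audits a certificate, in the dict form `ssl.SSLSocket.getpeercert()` returns, for days left and hostname coverage; the 30-day threshold, the function names and the `example.test` sample are assumptions.

```python
import socket
import ssl
import time

RENEW_BEFORE_DAYS = 30  # assumed alert threshold, not a value from the article


def fetch_cert(host, port=443, timeout=5.0):
    """Do a verified TLS handshake and return the peer certificate as a dict."""
    ctx = ssl.create_default_context()  # verifies chain and hostname, like a browser
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def name_matches(pattern, host):
    """Match a SAN entry against a hostname; '*' covers exactly one left-most label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    return (p[0] == "*" or p[0] == h[0]) and p[1:] == h[1:]


def audit_cert(cert, host, now=None):
    """Return (days_left, problems) for a getpeercert()-style dict."""
    now = time.time() if now is None else now
    days_left = int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    problems = []
    if not any(name_matches(s, host) for s in sans):
        problems.append("hostname not covered by certificate")
    if days_left < 0:
        problems.append("certificate expired")
    elif days_left < RENEW_BEFORE_DAYS:
        problems.append("renewal overdue")
    return days_left, problems


# Constructed sample in the shape getpeercert() returns (not a real certificate).
SAMPLE = {
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Mar 31 00:00:00 2024 GMT",  # 90-day lifetime
    "subjectAltName": (("DNS", "example.test"), ("DNS", "*.example.test")),
}

if __name__ == "__main__":
    now = ssl.cert_time_to_seconds("Mar 20 00:00:00 2024 GMT")
    print(audit_cert(SAMPLE, "blog.example.test", now))
```

For a live site, pass the result of `fetch_cert("your-domain")` to `audit_cert` from a daily scheduled job, so a failed renewal shows up weeks before visitors see a browser warning.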

How to Make your Website Secure for Credit Cards

The above two methods provide robust encryption and domain name validation. But they don’t verify that you’re a real business, trustworthy, etc. For most sites, this is enough, and it’s pretty good even if you handle sensitive information like credit cards and passwords. However, if you want the next level of security, you must start paying. Two higher-end certificates are called “Organization Validation” and “Extended Validation” (EV). You’re paying the certificate authority to check up on you manually and, in the case of an EV, to make sure you’re an actual legal entity. Your reward is that browsers will start showing the famous “green bar” for your website, indicating the highest level of trust.

So if you want to inspire the highest levels of trust in your customers and give them peace of mind, you might find investing in a higher-level SSL certificate worthwhile. But this has nothing to do with basic SSL; most sites can do just fine without them. So don’t get fooled by hosting providers trying to get you to pay exorbitant fees for an EV SSL certificate. Use one of the methods here, and get it for free instead!

About Bhagwad Park

I've been writing about web hosting and WordPress tutorials since 2008. I also create tutorials on Linux server administration, and have a ton of experience with web hosting products. Contact me via e-mail!

WP-Tweaks