Do You Really Need to Spend Money on SSL Certificates Anymore?
Last updated on Jul 12, 2020
Of late, SSL certificates have risen in popularity as more and more webmasters are now using them. SSL certificates can add a level of trust for your website and also ensure your site has better and enhanced security. However, do you really need to spend a good deal of money on SSL certificates? Nowadays, there are various options that can help you install SSL certificates on your site for free.
As a result, you do not really have to spend big bucks on SSL certificates. Yet, does this mean paid SSL certificates are totally unnecessary? Again, the answer is not that straightforward. In this article, we will be discussing the same.
Spending Money on SSL Certificates
Before you decide whether to buy an SSL certificate or use a free option, you must know the real purpose for using an SSL certificate. In other words, why do you really want an SSL certificate?
If the goal is to just evoke a feeling of brand faith and trust among your users, a simple domain-level validation will suffice. Alternatively, if you are installing an SSL certificate because Google consider HTTPS to be a ranking factor, again a simple domain-level SSL certificate is all you will need.
In fact, majority of the users tend to need nothing beyond domain-level validation. You can even setup an eCommerce store with such SSL certificates (albeit certain countries do have more stringent requirements for this). As a result, you do not really need to buy an SSL certificate here.
Sure, there are paid options available too. COMODO PositiveSSL or GeoTrust RapidSSL are the cheapest ones in this league, starting from as low as $7.99 per year. However, the free options such as Let’s Encrypt can do the job equally well and are recognized by a wide variety of web browsers and operating systems.
To sum it up, you do not and should not have to pay for an SSL certificate if you only need to add HTTPS before your website’s URL. if you need to add the HTTPS element to multiple URLs (such as sub-domains), you can generate multiple Let’s Encrypt or similar free certificates as opposed to buy a wildcard premium SSL certificate.
When to Buy Premium or Paid SSL Certificates?
Now the question is, when do you really need to buy a paid SSL certificate? Here are some potential cases wherein spending money on SSL certificates might be a good idea:
- If you need validation and authentication greater than what a domain-level SSL certificate can provide, you will have to go for a paid one. One general example of when this might be necessary would be if you need the green bar SSL certificate. There are no reliable free providers of such certificates and as such, you will need to buy one.
- Your target audience relies on or uses extremely outdated software. Such software and web browsers may not support SNI, which in turn is often needed for the free SSL certificates to work. In other words, older web browsers may simply fail to recognize Let’s Encrypt as a valid certificate provider and flag it as a hacked site. Examples of such software would include Android’s legacy browser on versions 2.1 and older, Internet Explorer 6, etc. For instance, you may be building a site for an organization that is still stuck on Windows XP with Internet Explorer 6. A paid SSL certificate will be your only option in this case.
- Your web hosting provider insists on selling you an SSL certificate. The reasons can be plenty: they have not yet implemented Let’s Encrypt support on their servers, they do not support SNI, or they simply wish to sell you an SSL certificate for the sake of money. Either way, you should consider changing your hosting provider in such cases.
Now that we have established when you can save money on SSL certificates and when you need to purchase one, where can you find the free SSL certificates anyway? We have talked about Let’s Encrypt; but are there any other options?
Free SSL Certificates
The first option, obviously, would be to rely on Let’s Encrypt. It began as a rather ambitious project and today, with the support and backing of many industry leaders, it empowers and secures millions of websites. The installation process is simple, and the certificate will auto-renew itself every 90 days so that your website is always secure and protected.
The second choice here is to go with cPanel’s own AutoSSL feature. Essentially, this is also a domain-level SSL certificate signed by COMODO, so you get all the functionality and reliability of a paid PositiveSSL certificate for free with AutoSSL in cPanel. Every single domain on a cPanel account gets a certificate by default, and you can choose to redirect non-secure traffic to secure pages straightaway.
Much like Let’s Encrypt, cPanel AutoSSL too will auto-renew itself every 90 days, unless disabled by your web hosting provider.
Every decent web hosting provider should, by now, be offering Let’s Encrypt or cPanel AutoSSL by default in their shared hosting plans.
The final option might be to rely on a Content Delivery Network that comes bundled with SSL features. CloudFlare, for example, offers free SSL redirection in its free as well as premium plans. You just need to sign up and then activate the SSL option — all your non-secure traffic will then be redirected to secure HTTPS. However, note that should you ever choose to bypass your CDN or disable it, your website might throw a non-secure security warning to the visitors due to lack of SSL.
Conclusion
This brings us to the end of this article about SSL certificates and whether or not you should consider spending money on them.
Nowadays, SSL certificates are no longer a luxury but instead have become a necessity. It is, therefore, prudent to pick a trustworthy free SSL certificate for your website as soon as possible.
For the majority of users, free SSL certificates are equally as good as paid ones. Therefore, there is very little need to spend money on SSL certificates unless you need advanced features (such as a green bar) or backwards compatibility (for extremely old browsers) that justify the cost of investment in paid SSL certificates.
Sufyan is a contributor to a variety of websites and blogs about technology, Linux, open source, web design, content management systems and web development. Learn more about his works on sufyanism.com
One odd little twist that you should be aware of: using AutoSSL in cPanel, the automatic renewal will fail if the root-level directory of your domain or subdomain is password-protected. You can generally take care of it manually, but you can’t just sit back and count on the automatic routine.