Free Bluehost SSL Finally Arrives – Will GoDaddy Follow?

Last updated on

I woke up this morning to the good news that Bluehost SSL is now free with Let’s Encrypt for ALL its hosting plans – not just WordPress. This is great. I went over to check their website, and it’s true:

Bluehost SSL is now free with Let's Encrypt

Going through Twitter, I heard that Hostgator was also in the process of including free AutoSSL, so it seems that all of EIGs companies are finally falling in line. This is great because I’d earlier written a post about traps that hosting companies use to get you to overpay. One of those traps was pretending to have low prices, and then charging outrageous amounts for SSL certificates – which are mandatory these days.

So as Google’s deadline for showing warnings on all non-SSL sites draws closer, expect more and more hosting providers to give up this juicy revenue stream in favor of free SSL certificates.

GoDaddy However is a Different Story

Ironically, I also saw this while browsing Facebook today:

GoDaddy Still Requires Paid SSL

So while other companies are forging ahead with free SSL, GoDaddy’s buckling down. At $60 a year for the first year, and much more after that, it’s shocking that the company with the largest number of hosting customers hasn’t made the leap to SSL. They’re probably banking on the fact that most small business owners don’t know enough about free SSL options and will take whatever products are pushed onto them.

But how long can this continue? Sooner or later GoDaddy’s gotta cave to pressure and start supporting what every other company is getting on board with – Let’s Encrypt or some other free AutoSSL option.

How Can Bluehost SSL Be Free? By Installing Let’s Encrypt!

Bluehost now allows you to install free LetsEncrypt certificates for all its shared hosting plans. The set up takes just one click, and is a landmark moment in web hosting. To install, take the following steps:

  1. Log into Bluehost
  2. Go to “My Site” on the left hand side
  3. Hover over your site and click “Manage Site”
  4. Click the “Security” tab
  5. Enable the “Free SSL Certificate” option as shown in the screenshot below:

Enable Bluehost Let's Encrypt Free SSL

The fact that Bluehost is making it so easy to install LetsEncrypt SSL certificates is a big deal. I’ve been beating the drum for a while that it’s 2018 and no one needs to pay for basic SSL. This is where I feel SSL is badly designed. Because it actually does two things that should be separate:

  1. Encrypt data between your site and the users
  2. Verify that your site is indeed a valid business

These two actually have nothing to do with each other. Encrypting all communications between you and your clients is a purely technological solution. It doesn’t require any kind of manual intervention. There’s no reason for it to be expensive. The encryption provided by free SSL solutions like Let’s Encrypt is every bit as strong as those provided by high-end EV certificates.

In fact, even without Let’s Encrypt and AutoSSL, you can convert your site to “HTTPS” and use SSL for free using a service like Cloudflare. When all this can be done automatically, what’s the value in a paid SSL certificate?

Extras your Get by Paying for Bluehost SSL

The money you pay for Bluehost SSL goes into the second step – validation and verification of your business. A basic free SSL solution only verifies that you control the domain name, nothing else. However if you’re an e-commerce site, you might want to inspire as much trust as possible in your customers. To do this, you pay a CA (Certificate Authority) to manually verify that your business is legit, that you have an actual address and phone number and so on and so forth.

It’s this manual verification that’s expensive because it’s carried out by human beings. There’s no shortcut around it. The more you pay for an SSL, the more validation you receive. Sites like banks and Paypal use the highest form of SSL and are thus 100% verified.

But not everyone needs that kind of validation. For a lot of websites, it’s enough to simply encrypt communications so that no one can steal the usernames and passwords of clients. It also ensures that no “man-in-the-middle” attacks can be performed and change your data in transit.

And for now, this is all that Google wants. It’s not looking for high end validation from a CA. So there’s no reason whatsoever to avoid free Bluehost SSL certificates. Let’s Encrypt and AutoSSL will soon be available from all hosting providers. And if GoDaddy refuses to get on board, I think it’s time for you to switch!

About Bhagwad Park

I've been writing about web hosting and WordPress tutorials since 2008. I also create tutorials on Linux server administration, and have a ton of experience with web hosting products. Contact me via e-mail!


  1. Paid certificates offer higher security.


Speak Your Mind