Hostgator SSL Price is FREE! GoDaddy Still the Laggard

The Hostgator SSL price has dropped to $0 since late 2018. They have “Let’s Encrypt SSL” for all their shared hosting plans. Here’s a list of Hostgator coupons, so you can shop for the one that suits you best.

Table of Contents

Hostgator Free SSL Certificate

In the same year as Hostgator, Bluehost also started offering free SSL certificates. Both are owned by EIG, and this was likely a coordinated decision amongst all their branches. The motivation was clear – Google had just announced that SSL would be taken into consideration as a ranking factor. So naturally hosting companies couldn’t charge a fortune for basic encryption anymore!

Here’s a screenshot of the shared hosting plans with the Hostgator SSL pricing:

Hostgator SSL Price is Free for Shared Hosting
Hostgator SSL Price is Now Free

I must say I’m impressed. I didn’t think the EIG companies would be willing to give up such a strong source of revenue. GoDaddy for example still charges exorbitant prices for basic SSL products. But even after so long, GoDaddy still refuses to provide free SSL.

I must take a moment to praise companies like like NameHero who were way ahead of the curve. They’ve supported Let’s Encrypt SSL for years – long before any of the others.

Hostgator Shared SSL Prices Options

If you want more than Let’s Encrypt, you can also purchase higher security SSL from Hostgator. Here are the prices:

  1. Positive SSL: $39.99/yr
  2. Sectigo SSL: $99.99/yr
  3. Positive Wildcard: $119.99/yr
  4. Multi-Domain SSL: $79.99/yr
  5. EV SSL: $269.99/yr

However, as mentioned above, I don’t think you need to purchase any of these. The free SSL from Hostgator is more than enough.

Is Let’s Encrypt SSL Good Enough?

Both Hostgator and Bluehost are providing Let’s Encrypt certificates. This means that:

  1. Your traffic to and from visitors is now encrypted
  2. All your subdomains are SSL enabled as well!

The latter point (2) wasn’t always the case. This is called wildcard SSL and it’s only recently that Let’s Encrypt announced support for it. InMotion for example, provides free AutoSSL which doesn’t extend to all subdomains. However, they create a separate AutoSSL certificate for each individual subdomain, so it’s the same thing.

How to Install Hostgator Free SSL Certificates?

There are two scenarios with which you should be familiar when it comes to Hostgator shared SSL.

Scenario 1: You Already Have a Website without SSL

If you’re hosting a website that currently doesn’t have SSL, you need to explicitly install it via cPanel. To do this, read my tutorial on how to install Let’s Encrypt SSL via cPanel. It’s a simple process and takes just a few minutes. The procedure for InMotion’s AutoSSL is a bit different.

Technically however, you can install Let’s Encrypt certificates on any hosting plan – even those that don’t support it as part of their package. The procedure is a bit technical and complex, but it’s possible. However, you should AVOID this whenever possible.

The reason is that free Let’s Encrypt certificates automatically expire every 90 days. If you install them via the supported cPanel method, they will renew automatically. So no danger. But if you install them manually, you have to remember to do it over and over again. If you forget even once, you’re in deep trouble.

So get a web host who provides in-built support for SSL. Don’t do it yourself!

Scenario 2: You’re Creating a New Website from Scratch

If you’re creating a new website , you don’t need to install a Hostgator shared SSL manually. Any new website you create with the in-built tools like the Softaculous cPanel plugin will come with a free SSL certificate. The problem only arises when you try and migrate older sites to HTTPS.

Manually Switch your URLs for Old Sites!

If you’re migrating from a previous non-ssl website to a new one, it isn’t enough to simply install a Hostgator shared SSL certificate. You will have to rewrite every single URL on your website to change from “http” to “https”. This isn’t easy. Luckily, the newer versions of WordPress starting at version 5.7 code named “Esperanza” includes a feature in the Site Health Check section to automatically migrate your site from HTTP to HTTPS in a single click.

If you’re not using WordPress, you might find it easier to just use Cloudflare’s option to automatically rewrite your URLs from HTTP to HTTPS. It’s not an ideal solution because the old HTTP URLs still exist on your site. But it works! Here’s a screenshot:

Convert Site from HTTP to HTTPS Using Cloudflare
Convert Site from HTTP to HTTPS Using Cloudflare

The good news is that Cloudflare is part of the default Hostgator CDN package. So you just need to enable it in the Cloudflare settings page on cPanel and you’re good to go! If you skip this step, you’ll get “mixed content” warnings, and your site will be marked as insecure by the major browsers. Make sure you configure it properly.

New Hostgator SSL Price: Implications for Paid SSL?

I would say that most of the time you’ll be perfectly fine using the free Let’s Encrypt or AutoSSL certificates. This must come as a bitter pill for web hosting companies who were raking in a ton of cash. Sometimes the cost of SSL can overshadow the cost of hosting itself!

However, here are a few situations where purchasing an SSL is a good idea:

  1. You want extra trust from your customers
  2. You want the warranty insurance in case of fraud

Some companies like PayPal and other financial institutions need that extra bit of reassurance that a green SSL bar provides. With an Extended Validation (EV) certificate, you’ll not only have the green padlock, but your website name will be displayed on the URL bar as well.

Customers can be assured that they haven’t accidentally typed in the wrong URL. Though recently scammers have cleverly bought their own misleading EV certificates. It’s not really a substitute for being careful!

The End of Paid SSL is Finally Here

When Google announced in 2018, that they were factoring HTTPS into their search rankings, I predicted that no one would need to purchase SSL certificates anymore. The announcement forced large hosting companies like Hostgator and Bluehost to announce free SSL on their shared hosting plans via Let’s Encrypt – something that was previously available only on a few other providers like SiteGround, NameHero etc. Others like GoDaddy stubbornly offer only paid SSL to this day.

The announcement was actually a temporary bump in the business of SSL sellers, because producers of EV certificates could now claim the backing of Google itself – to charge customers tons of money for HTTPS security that they could previously get for free. The additional benefit, they said, was that you could get the “green URL bar” as shown here:

Old EV SSL Label on Chrome
This is what it USED to look like

This was in 2018. You can see above, that PayPal has a special appearance for its name in the address bar. It’s more prominent. However, when I visit the same website today on my Chromium based Edge browser, this is what it looks like:

Paid SSL No Longer Looks Anything Special
This is what it looks like NOW

It’s vanished entirely! Google has been steadily replacing the previous UI with a new one that removes the prominent security display and relegates the certificate type to the “Page Info” section. You can see that it’s well hidden away as shown here:

SSL Information is now hidden away in the information box
SSL information is now not easily visible in the address bar

So now there’s even less value in paying for SSL.

Because No-One Pays Attention

Evidence has been piling up that users don’t really care about the website’s “green bar”. It doesn’t help with avoiding risky behavior and as such, only takes up additional space in a browser’s window that can better be used for other things.

Instead, moving forward, Google is going to place more emphasis on warning users about insecure sites, as opposed to trying to give them a false sense of security about a site’s trustworthiness. Hence when you visit an unsecured site – one that uses HTTP instead of HTTPS – you’ll see a warning with a red cross in the address bar, to let you know that your information is not encrypted and is vulnerable to man-in-the-middle attacks.

“Insurance” on Paid SSL Certificates is Bogus

SSL vendors will try and tell you that their certificates provide you with insurance against fraud. Basically, if someone gets duped because their cert wasn’t good enough or whatever, they’ll pay out a certain sum. But in all my years of hosting, I have never once heard of a certification authority ever paying out a claim. Come to think of it, I haven’t heard of any claims being made either!

It’s just a marketing gimmick. The encryption used by free certificate tools like Let’s Encrypt are every bit as powerful as anything a commercial SSL vendor can provide. The strength of the encryption likes in the hashing functions, and anyone can do that – you don’t need specialized hardware, or anything.

Paid SSL Has no Value Anymore

The new direction Google and other browsers like Firefox are taking, will reduce the value of paid SSL certificates for web hosting customers. Now more than ever, free SSL via Let’s Encrypt is the way to go. So if you’re purchasing web hosting, and your hosting provider doesn’t give you free SSL, turn around and walk away in the opposite direction. You’re going to need SSL one way or the other, so find a host that provides it for free. Any one of the major web hosts will give it to you for free – other than GoDaddy, of course.

Why Isn’t GoDaddy Following Suit?

They will. They HAVE to! Hostgator was just about the last major web host to capitulate and GoDaddy can’t hold out for much longer. But it’ll be really hard for them. While GoDaddy’s plans are really pretty cheap, their SSL prices are outrageous. They were poised to make a killing when Google announced that they’re enforcing SSL on everyone. But now? It’s just a matter of time.

Hostgator Subsidiaries Haven’t Switched Over Yet

The country specific operations like Hostgator India haven’t yet made the switch to Let’s Encrypt. They’re typically less responsive than their global counterparts. I expect them to make the change as well, but I wouldn’t hold my breath. I’ve queried them over Twitter regarding this, and no response so far.

So we finally live in a world where basic SSL is practically free. That’s great news!

About Bhagwad Park

I've been writing about web hosting and WordPress tutorials since 2008. I also create tutorials on Linux server administration, and have a ton of experience with web hosting products. Contact me via e-mail!

Comments

  1. Great article! Free SSL is a must with any webhosting plan. Enabling free SSL is a very simple step for hosting providers, yet they’re reluctant to do so. I guess they want to rip-off their “newbie” customers as much as possible!

    Reply

Speak Your Mind

*

WP-Tweaks