You Don’t NEED to Buy an SSL Certificate!

Last updated on

This article is a bit of an anomaly. You’ve heard from everyone that you need to buy an SSL certificate from your site or risk being penalized by Google. Both in the search results, and when users visit your site from Chrome. All of this advice is true. You SHOULD get an SSL certificate. Your site  DOES need to be protected via encryption. However, this doesn’t mean that you need to BUY an SSL certificate!

Why Do I Need an SSL Certificate?

Technology websites will give you lots of reasons to get an SSL certificate – like security, warranties etc. But the REAL reason most of us need an SSL certificate is to comply with Google’s directive, and make sure that browsers don’t display any scary warnings to users when they visit our website.

Google has been beating the SSL drum for a long time. In a blog post dated Feb 2018, they said that starting in July they would mark all basic HTTP sites as “not secure”. This means that your users will see a big red warning on your site unless you have SSL enabled.

On browsers like Firefox, users will see a warning saying something like “This website does not supply ownership information”. Here’s an image:

You don't NEED to buy an SSL Certificate

Moreover, Google has acknowledged that they give a ranking bonus to SSL enabled sites. These are the two big reasons why you really need to implement SSL. Yes, there are more concrete reasons like security as well. But this is why you need to do it NOW.

In 2018, no one should have to pay for basic SSL. There are some providers like GoDaddy who try and force you to purchase a certificate. In fact, they support neither Let’s Encrypt, nor Cloudflare via cPanel – both of which enable to you get an SSL certificate with just a few clicks. But you can install the certificates manually as explained below.

But there are ways to get one for free even when your hosting provider wants you to spend money. In this article, I’ll clarify a few questions you may have about SSL, and then explain the ways you can get an SSL cert for free.

But My Blog Doesn’t Need SSL…Right?

Yes it does! Unfortunately.

Let’s say your site doesn’t handle any sensitive information. It doesn’t even accept login requests with passwords. No credit cards, no personal info. Nothing. Does your site or blog still require an SSL certificate?

Truth be told – you don’t need one. Again, this is blasphemy on most tech sites, but it’s true. However, Google doesn’t distinguish between harmless personal blogs and other websites that sell stuff and collect customer data. They will penalize your site regardless of whether or not it contains sensitive information. Users who visit your website and see a dangerous red exclamation mark will ask themselves “Is this site safe or not”? And you don’t want them to doubt your authenticity.

So if you care about your blog, and don’t want to scare users away, you should still get an SSL certificate for it.

If you’re already familiar with SSL, what it does, and why you need it, you can skip ahead to the part where I tell you how to get it on your site without having to pay anything.

What Does SSL Do?

Different SSL certificates do different things. But if you’re reading this, it probably means you just want a certificate that:

  1. Converts your site to “https” from “http”
  2. Gives your site the “green” look or the “lock” on the address bar of the browser
  3. Doesn’t display a warning message to your users

Here’s what it looks like when your site has SSL:

Paypal Green Bar EV SSL Certificate

A basic certificate that satisfies these requirements, does two things:

  1. Ensures that the connection between your site and the user is encrypted
  2. Ensures that you actually control the domain

There are more advanced certificates that do a lot more – like checking if the organization can be contacted at a verified phone number. Basically, the more you’re willing to pay for an SSL certificate, the more verification takes place by a trusted authority.

But as I mentioned above, most of us don’t need all this. We just need a valid certificate to make our address bar go green, be accepted by browsers, and not be penalized by Google in the rankings.

Do I Need to Buy an SSL Certificate?

There are two easy ways for you to get an SSL certificate without buying one. The first method depends on your hosting provider, and whether or not they make it easy for you. The second method will work for everyone.

Here’s how to get an SSL certificate for your website for free without paying for it.

Method 1: Free SSL from cPanel with Let’s Encrypt

Some providers give you a free SSL certificate from Let’s Encrypt:

  1. SiteGround – click here for all SiteGround hosting discounts
  2. DreamHost – all DreamHost coupons
  3. Bluehost – list of Bluehost prices
  4. Hostgator – complete list of Hostgator coupon codes

InMotion on the other hand, has its own free SSL option, even though they don’t support 1-click Let’s Encrypt. I asked them to clarify on Twitter that their AutoSSL solution covers subdomains:

Here’s a tutorial on how to enable InMotion’s AutoSSL option. This a table showing how much each hosting provider charges for SSL. No points for guessing which are the good ones!

SSL 1-year SSL 2-years SSL 3-years
GoDaddy SSL $59.88 $134.76 $209.64
Hostgator SSL Free Free Free
Bluehost SSL Free Free Free
InMotion SSL Free Free Free
SiteGround SSL Free Free Free
DreamHost SSL Free Free Free

You can read my tutorial on how to install a Let’s Encrypt SSL certificate on cPanel via a supported hosting provider

The most famous free certificate authority is called “Let’s Encrypt”. It’s a collaborative effort between major organizations like Mozilla and Google to get SSL into the hands of everyone easily, and for free. Even though you can generate a Let’s Encrypt certificate manually and install it on your site, it’s a bit of a pain. To make it easy, they’ve teamed up with a number of hosting providers that offer Let’s Encrypt from within cPanel. If you see your hosting service in the list in the link, you’re in luck!

These links will show you all the current discounts and coupons for these web hosts.

If all goes well, you can be up and running with an SSL certificate within minutes.

Method 2: Free SSL Certificate with Cloudflare

If you haven’t heard of Cloudflare, it’s time you did. It’s a great free service that’s used by most big websites around the world. It protects your site from malicious threats, DDoS attacks, and also caches static content to reduce the load on your server. It’s really pretty awesome.

For a while now, Cloudflare has offered free SSL functionality for all sites that utilize its services. While it doesn’t install an SSL certificate directly on your site, it encrypts all information flowing between it and the end user with its own Comodo verified Cloudflare certificate. So as far as your users are concerned, they’re viewing your site over an SSL connection and won’t see any warnings. And Google will be happy too!

You can read my tutorial on how to convert your site to HTTPS via Cloudflare. Though I’m talking about a WordPress site in that article, the instructions are the same for any website. And if you haven’t signed up for Cloudflare, now is a good time to do so.

In fact, check with your hosting provider if they support Cloudflare directly from cPanel. If they do, installation of Cloudflare becomes much easier. If not, it becomes a bit more complicated, but still doable.

How to Make your Website Secure for Credit Cards

The above two methods provide powerful encryption and domain name validation. But they don’t provide verification that you’re a real business, and that you’re trustworthy etc. For most sites, this is enough. Even if you’re handling sensitive information like credit cards and passwords, this is pretty good.

However if you want the next level of security, you’re going to have to start paying. Two higher end certificates are called “Organization Validation” and “Extended Validation” (EV). You’re paying the certificate authority to manually check up on you and in the case of an EV, make sure that you’re an actual legal entity.

Your reward is that browsers will start showing the famous “green bar” for your website – indicating the highest level of trust. For example, here’s the green bar in Chrome when visiting PayPal:

Paypal Green Bar EV SSL Certificate

So if you want to inspire the highest levels of trust in your customers and give them peace of mind, you might find it worthwhile to invest a higher-level SSL certificate. But this has nothing to do with basic SSL, and most sites can do just fine without them. So don’t get fooled by hosting providers trying to get you to pay exorbitant fees for an EV SSL certificate. Use one of the methods here, and get it for free instead!

About Bhagwad Park

I've been writing about web hosting and WordPress tutorials since 2008. I also create tutorials on Linux server administration, and have a ton of experience with web hosting products. Contact me via e-mail!