Have you clicked on a website link that took you to a warning page: “not secure”?
Did you dare continue your online experience to a website, which the browser itself marks as insecure?
This article will read how to prevent your website visitors from the above-mentioned unpleasant experience. You will particularly learn how to transfer the HTTP:// before your domain to HTTPS://. This “s” stands for security, and it’s your website must-have for quality user experience and SEO.
What is HTTPS, and why do you need it?
HTTPS is the abbreviation for Hyper Text Transfer Protocol Secure. It indicates a secure data transfer between your browser and the hosting browser of the website you are visiting. In other words, HTTPS ensures that the mid-browser communication is encrypted.
What does it mean for the users? They feel confident that whatever personal information they share on the website, such as a credit card, will be encrypted at one end and decrypted at the other. Therefore, there is no place for intermediary attacks from hackers.
In recent years, not only users but also search engines pay attention to domain security. HTTPS websites have a high priority in the web search results displaying. Therefore, even though having HTTPS is a mandatory requirement for the websites receiving online payments, passwords, personal data, etc., it’s highly recommended for all other websites.
The next section of the article guides you through the main “how-to’s” of adding HTTPS to your domain.
SSL (Secure Sockets Layer) certificate is what stands behind the security of your website. Adding HTTPS to your domain means acquiring an SSL certificate for your website.
Generally, you should plan a budget to buy an SSL certificate and refer to your team member with coding knowledge for its set up. However, this article mainly focuses on how you can do it personally: with minimal or no budget and coding skills.
As a starting point, you can either purchase the SSL certificate or get it from free sources. You may question why on earth you should choose to pay for something that also exists free. The answer is, free and paid certificates provide different levels of security and business authentication.
Free SSL certificate only authenticates the domain of your website. It will tell your users they are not on the fake or phishing website, but there will be no ensuring that there is a real business running the website.
Paid certificates providing organizations take sufficient time and effort to verify all the website-related details. They offer a full business authentication service, analyzing the company and organization behind the website domain. That kind of certification is provided only by commercial Certificate Authorities (CAs), who have sufficient volumes, resources, and expertise to conduct a comprehensive analysis of the company.
Another difference is the post-purchase service, which is 24/7 for paid CAs and almost does not exist for the free ones. Also, as the free CAs usually survive by the donations, their risk of ceasing operations is significantly higher than that of paid ones.
In 2021, the following CAs are considered the best ones to buy the SSL from:
How to acquire and set up a free SSL certificate?
Despite the above-mentioned differences between paid and free SSL certificates, plenty of companies rely on Let’s Encrypt, a leading free SSL provider, which gained the trust of companies like Google, Facebook, Shopify, etc.
Let’s Encrypt provides security certificates to 225 mln websites globally. You may also benefit from it depending on your website type and your business development stage (for stability and security concerns, big enterprises are not recommended to use free CA certificates).
Below are the main steps to gain and set up a free SSL from Let’s Encrypt.
- To obtain a certificate, you should demonstrate the ownership of your website to Let’s Encrypt. For that purpose, you should run the ACME protocol on your web host.
- To choose an option working best for you, you should clarify whether your website has shell access with your host provider. A small hint is that websites operating with WordPress, cPanel, and Plesk usually do not have shell access.
- If there is shell access, use the Certbot ACME client, which can provide you with quick and automatic certificate issuance.
- If there is no shell access, use the build-in support from your hosting provider to request and install the free certificate. If your hosting provider is not on the list of Let’s Encrypt, install Certbot and use its manual mode to organize the certification processes yourself.
There are plenty of free SSL providers you may quickly find on the net. This article mentions Let’s Encrypt as the most popular and reliable one. Note that there is a big difference for an experienced eye in which CA provided a security certificate to you.
Therefore, whether you choose a paid or free CA, make a deep researched-choice, as it will also influence your website’s security in the eyes of users.