SSL Certificates
SSL stands for Secure Sockets Layer and is one of the technologies used to secure communications on the internet. It's now been superseded by Transport Layer Security (TLS), but the terms are often used interchangably. We'll use the term SSL for the rest of this page, but know we're actually referring to both.
What are they for?
SSL is a method your browser uses to establish a secure connection with a server on the internet. It ensures that the data sent between your browser and a server cannot be read or modified by a third party as well as proving that the server really is who they say they are.
How do they work?
Public Key Cryptography is used to validate the server's identity as part of what's called a Diffie-Hellman Key Exchange. This allows for an encrypted connection to be created between the two whilst also validating the server's identity. This YouTube video by Computerphile gives a good rundown of how the Diffie-Hellman key exchange process works and we go into a bit more detail about how SSL Certificates work in this blog post.
Why do I need to worry about this?
Your visitors care about their privacy and secure connections help to prevent unauthorised third parties being able to snoop on their browsing habits. They also help prevent third parties from being able to inject their own code into your website on the fly, further preventing the risk of data theft, javascript-based malware and drive-by downloads. If you're running an e-commerce website, this is an absolutely vital step towards safeguarding against payment card data and identity theft. Furthermore, many search engines are now using the presence of a secure connection as part of their ranking algorithm and most major browser manufacturers now warn your visitors if the website they're visting isn't secure.
This sounds expensive. Is it?
Certificates come in various types and it's true that Extended Validation certificates (EV for short - they show the green banner in certain browsers) can be quite pricey. Let's Encrypt however, offer Domain Validated (DV for short) certificates for free.
Free? Really?
Yep, zero pounds. Let's Encrypt certificates are complete free.
If they're free, what's the catch?
Let's Encrypt certificates have a lifetime of three months and are auto-renewed by our hosting platform automatically before they expire. They offer the same level of security as the paid-for options, however they don't have the additional features (warranty, green banner, etc) of the pricier variants.
If Let's Encrypt certificates are free, why do you offer paid options?
We offer certificates of all types for businesses that wish to have certificates with longer lifetimes or additional features. Each certificate type has different standards an applicant must pass before a certificate is granted, and many paid for certificates include warranty against certain losses resulting from a security breach.
It sounds complicated. Is it?
Nope, not at all. If you're unfamiliar with the technology, it can seem a bit overwhelming from a webmaster's standpoint, but the tools we provide make it as easy as can be. With Let's Encrypt, it's essentially fire and forget; A couple of clicks and our hosting platform takes care of everything else in the background for you.
How do I get started with Let's Encrypt?
All of our servers have the Let's Encrypt cPanel extension installed so you can get started straight away. If you'd prefer a paid for certificate, you can order one straight from your client area and we have tools available within cPanel to get your certificate installed and working within minutes of receiving it.
If you have any questions about the process or need any help setting up, please get in touch and we'd be more than happy to answer any questions and help where we can.