Common questions I get asked by clients include “why does my website say not secure”, “do I need SSL”, “why do I need SSL, I don’t sell anything on my website” and “what is the difference between paid SSL and free SSL”, so I will attempt to answer those questions here as simply as possible.
In an age where internet security is more important than ever, it’s vital to let people know that your site is safe to use. A Secure Sockets Layer (SSL) certificate is a type of website encryption key that encrypts data between the visitor’s browser and the server.
Fortunately and also confusingly, there are many different SSL options you can use. Let’s Encrypt is a free and open-source Certificate Authority (CA) that offers SSL certificates to anyone who has a domain name. Paid SSLs offer the same base service, but provide your website with several additional features.
In this article, I will explain the differences between Let’s Encrypt and paid SSL certificates, and help you decide which may be most suitable for your website. Let’s start with the basics!
Why Are SSL Certificates Important?
SSL certificates are complex, but in a nutshell, what they do is encrypt your visitors’ connection to your site. This helps to protect both your site and customers from data breaches. SSL certificates act as the backbone of a more secure internet and protect the sensitive information we all send over the web.
Without an SSL certificate, any data exchanged between a user and a website is sent in plain readable text, so it can be viewed by anyone who is able to snoop on the connection, such as on insecure or public Wi-Fi networks.
You can easily spot SSL-secured websites, as their URLs begin with HTTPS (rather than the old standard, HTTP). In some browsers, you may also see an icon in the browser bar that lets you know the site you’re visiting is secure. Google’s icon looks like a small padlock.
Unfortunately, a lot of people (including website designers and hosting providers) believe that an SSL certificate makes your website secure and protects your website from hackers, which is simply not true.
If your website has a vulnerability that makes it insecure and hackable, then an SSL certificate will do nothing to stop this. To make sure your site is secure, you need to keep it updated and make sure it is being properly managed, especially if you are running WordPress or similar.
Naturally, an improvement to your site’s security is always a good thing. However, securing your site with an SSL certificate can also result in a few particular benefits:
- Improved Search Engine Optimization (SEO) and rankings: Google considers sites that have an SSL certificate to be more trustworthy, and tends to rank them higher on Search Engine Results Pages (SERPs).
- Improved visitor trust: Adding an SSL certificate also improves your users’ level of trust, since it proves that your site is actually owned by you or your business.
SSL certificates have recently become almost essential. In an attempt to improve the overall level of security on the web, Google now marks sites without HTTPS connections as unsecured. Most users won’t make payments on a site with these kinds of warnings, so not implementing SSL could mean lost sales (as well as a reduction in traffic for any site).
Let’s Encrypt vs Paid SSLs: What’s the Difference? (3 Key Categories)
There are several options available when selecting an SSL certificate, and it’s important to find the right choice for your site. This means selecting a Certificate Authority (CA) – aka the business you’ll buy your certificate from.
Let’s Encrypt is one of the most popular options on the market, as it provides SSL certificates completely free of charge.
On the other hand, there are also plenty of paid SSL options. While you may wonder why you’d pay for a certificate you could get for free, the difference in price results from a number of key distinctions between free and paid SSL services. Let’s look at a few of the most important criteria.
1. Validation Levels
There are actually several different types of SSL certificates, which vary based on the level of validation they provide. The three main options are Domain Validation (DV), Organization Validation (OV) and Extended Validation (EV) certificates. Each offers a higher level of security than the last, and requires a more comprehensive vetting process.
Currently, Let’s Encrypt only offers DV certificates. While this may be enough for smaller and more personal sites, larger business and e-commerce sites often require a higher level of validation. Sites that are secured with OV and EV certificates are also more often displayed as secure in browsers, which, as we mentioned, is vital for improving visitor confidence in your site.
That’s not to say Let’s Encrypt is a poor option. In fact, it’s backed by some of the world’s largest companies – including Facebook, Mozilla, and Google. At the same time, you’ll need to look elsewhere if you want an OV or EV certificate.
2. Support and Warranty
Let’s Encrypt and paid SSL options offer varying levels of support and warranty as a part of their plans, alongside the certificate itself. Due to its small team, Let’s Encrypt is unable to provide direct support to users facing technical issues. It does offer a community support forum, however, so users can assist one another.
Paid SSLs will also typically provide some kind of direct technical support, and offer troubleshooting help if something goes wrong. In addition, these plans should come with a warranty – insurance for your certificate against fraudulent transactions and other potential issues.
It’s also important to note that SSL certificates come with a limited lifespan. Let’s Encrypt certificates have a maximum lifetime of 90 days, although the renewal process is 100% automated, meaning that your site shouldn’t be left unprotected. Sometimes the host’s automated renewal doesn’t work, however, so you should make sure you have notifications enabled to tell you if something fails. Paid SSLs have a longer lifespan, usually ranging from one to three years, and renewals may be either automatic or manual (depending on your provider).
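The validation levels and the 90-day renewal cycle described above can both be checked from the certificate a site serves. The following is an added example, not code from this article or from Let’s Encrypt: it reads the dictionary returned by Python's `ssl` module, guesses the validation level from the subject fields (a heuristic; the authoritative marker is the certificate policy OID, which `getpeercert()` does not expose), and flags a certificate whose automated renewal appears to have failed. The 20-day threshold, the `blog.example` hostname and the sample certificate are assumptions made for the example.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: with a 90-day certificate, automated renewal should have run
# well before this many days remain, so anything lower suggests it failed.
RENEWAL_OVERDUE_DAYS = 20

def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate of host as a dict (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def _fields(name):
    """Flatten the nested subject/issuer tuples from getpeercert() into a dict."""
    return {key: value for rdn in name for key, value in rdn}

def validation_level(cert):
    """Heuristic: DV subjects carry no organisation; EV adds businessCategory."""
    subject = _fields(cert.get("subject", ()))
    if "businessCategory" in subject:
        return "EV"
    return "OV" if "organizationName" in subject else "DV"

def audit(cert, now=None):
    """Summarise issuer, validation level, days left and renewal state."""
    now = now or datetime.now(timezone.utc)
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    state = ("expired" if days_left < 0 else
             "renewal-overdue" if days_left < RENEWAL_OVERDUE_DAYS else "ok")
    issuer = _fields(cert.get("issuer", ()))
    return {"issuer": issuer.get("organizationName", "unknown"),
            "level": validation_level(cert),
            "days_left": days_left, "state": state}

# Constructed sample in getpeercert() format, not taken from a real site.
SAMPLE_DV = {
    "subject": ((("commonName", "blog.example"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Let's Encrypt"),)),
    "notAfter": "May 30 00:00:00 2024 GMT",
}

if __name__ == "__main__":
    print(audit(SAMPLE_DV, datetime(2024, 5, 20, tzinfo=timezone.utc)))
```

To check a live site, pass `fetch_cert("your-domain")` to `audit()` from a scheduled job and send a notification whenever the state is not `ok`.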
It’s hard to compete with a non-existent price tag. Let’s Encrypt is able to provide SSL certificates for free through its use of automation. However, a lower price tag means the absence of certain features and support. Check with your hosting provider for SSL options, or you are free to purchase your SSL from anywhere as long as you are willing to perform the manual installation and setup.
Especially if you use your site for business or e-commerce, this is one investment that’s likely to be well worth the upfront cost.
Which Type of SSL Certificate Should You Choose for Your Site?
Ultimately, your decision will come down to the individual needs of your site, as well as your budget. If the site you are looking to secure with an SSL certificate is a part of your eCommerce business, it’s worth looking into paid options with higher levels of validation. The extra layer of security will reassure potential customers, benefit your search engine rankings, and protect sensitive user and customer data.
On the other hand, Let’s Encrypt is a nice option for blogs or simple websites that have no eCommerce, do not store personal data, and simply need to get the lock in the browser to say they are secure. Once your site starts to grow or you implement eCommerce, you can always upgrade to a better option.
At the end of the day, you have to ask yourself “who actually checks the SSL certificates on websites they visit?” The answer to this is barely anyone. People who are more internet savvy may refuse to purchase goods from a website that displays the “insecure” message in the browser.
The average person doesn’t understand what an SSL certificate is and certainly won’t be clicking on it and checking what type of certificate it is, what level of validity it has and where it was purchased from.
With so many security risks out there, it’s important to make sure that your site is properly secured. SSL certificates do just that. They also reassure your visitors that their connection to your site can be trusted, and can even improve your SEO.
Let’s Encrypt and paid SSL certificates both enable you to add a secure connection to your site. However, they offer differing levels of validation and support. Most business and e-commerce websites will be better off opting for a paid SSL certificate, whereas smaller sites may find Let’s Encrypt to be sufficient.
I do offer SSL registration, renewal, installation, and support. So feel free to get in touch if you need help with any of these things.