How do you protect your users, prospects, and customers as they browse your website? And your company, along the way? The answer is a Secure Sockets Layer (SSL) certificate. Luckily, SSL doesn’t have to be expensive — there are free SSL certificates are available.
An SSL certificate keeps your customers’ sensitive information secure as they visit pages, read posts, submit interest forms, and purchase products. In this post, I'll share everything you need to know about SSL certificates and the best free SSL certificates you can get, regardless of your budget.
What Is an SSL?
Secure Sockets Layer (SSL) is a security protocol that creates an encrypted link between a web server and a web browser. It ensures that all transferred data remains confidential. You may have noticed the lock icon next to the URL in your address bar. When you see this, that means your site is protected by SSL.
Why get an SSL certificate?
Your website is more than just a digital billboard — it’s a data highway between your business and visitors. Anytime a visitor accesses your website, data, like their IP address, gets transferred from one server to another before it reaches its destination. Your visitors expect your company to keep that data secure.
Without a secure connection, the data they share with you is at risk of falling into the wrong hands, compromising their privacy, which could have steep consequences for your business. I wouldn't risk that — and you shouldn't either. Not to mention, if your site experiences a data breach, your credibility will suffer. That's where SSL comes into the picture.
In short, your site should have SSL, especially if you process financial transactions. However, I would make sure my site has SSL regardless of that. This added layer of security will protect you from data breaches, giving visitors a good reason to trust you with sensitive information. Not to mention, SSL improves your ranking in search results. It’s worth the energy to get an SSL certificate — and considering you can get a free SSL, there’s no reason not to. It just takes a few extra steps, and I'll walk you through those now.
More of a visual learner? I get it. Check out this quick video on what SSL is and why it's helpful.
Ready to dive a little deeper? Let's do it.
How SSL Certificates Work
SSL certificates can be a bit complicated to understand with all the technical jargon and acronyms. To give you a simple but accurate overview of how SSL certificates work, let’s imagine our friend Michelle is visiting her favorite website, hubspot.com.
Initially, Michelle opens her laptop and types “hubspot.com” into her web browser, Google Chrome. While Google Chrome loads the site, Michelle’s computer receives HubSpot’s SSL certificate through a public key and verifies it with the certificate authority. This is the first step.
Michelle’s computer and HubSpot’s server agree that everything looks legitimate, and the two computers form a connection called a handshake.
From here, Michelle’s computer and the hubspot.com server decide on the type of encryption they’ll use to transmit data back and forth securely. What makes this connection secure is the coding and decoding of information while it is in transit between the computer and the server.
The timeframe where security attacks are prone to happen is when the data is moving from one place to the next, so scrambling the information in an encrypted language, or private key, keeps everything secure until it gets where it needs to be.
Once the data is decrypted by Michelle’s computer by the private key, a lock icon appears next to the website’s name in the browser’s search bar.
It looks like this:
As a user, I expect to see that lock when I visit a website. If I don't, I don't trust the site as much. You want to make sure your visitors don't bounce out of fear of a data breach— so you should have an SSL certificate.
In our example with Michelle, she is free to browse hubspot.com, knowing that any data she shares is safe and won’t be intercepted by malicious hackers.
How much is an SSL?
The cost of your SSL can range from free to hundreds of dollars, depending on the level of security you require. Here are the types of SSLs, ranging from least secure to most secure (and, generally, lowest to highest in price):
Domain Validated (DV) Certificates: For sites such as blogs or small business websites that don't exchange any customer information, you should be okay with this type of certificate.
Organization Validated (OV) Certificates: This is your best option for business websites with forms and lead capture capabilities that don’t exchange sensitive customer information.
Extended Validated (EV) Certificates: For the highest level of security, capable of handling sensitive information such as financial transactions, pick this type of certificate.
The type of SSL you choose depends on what types of actions you expect users to take on your site. SSL certificates can be expensive if you don't know where to look or what you're buying. Luckily, I'm here to help you.
Once you choose the type of certificate you require, you can then shop around for Certificate Authorities that offer SSLs at that level. After, you’ll install the certificate on your website.
Here’s how to get an SSL certificate from start to finish:
How to Get an SSL Certificate
- Verify your website’s information through ICANN Lookup.
- Generate the Certificate Signing Request (CSR).
- Submit your CSR to the Certificate authority to validate your domain.
- Install the certificate on your website.
1. Verify your website’s information through ICANN Lookup.
Before applying for an SSL certificate, you must ensure your ICANN Lookup record is updated and matches what you submit to the Certificate Authority. Access the ICANN lookup tool and look at your name server, your registrar information, and your authoritative servers.
2. Generate the Certificate Signing Request (CSR).
Before you can find a certificate authority, you first have to generate a Certificate Signing Request (CSR). You can do so through your server, cPanel, or an online CSR generator. I'll walk you through the different options now:
Option 1: Server
If you have access to your server, you can generate a CSR yourself. Find your server’s specific instructions here. This option is recommended for advanced users and web developers.
Option 2: cPanel
If you have access to your cPanel through your hosting provider, you can also generate a CSR using its tools. First, access your cPanel via your hosting provider. For Bluehost, your cPanel is located under “Advanced.”
Scroll down to a section titled “Security.” Click the “SSL/TSL” option.
From there, you should find an option to generate a CSR. In Bluehost, this option is located on the right-hand sidebar.
After you click it, you’ll be taken to a form that asks for your domain, city, state, country, and company.
Done! Your CSR has been generated.
Option 3: Online CSR Generator
Lastly, you can bypass any complicated steps and simply use an online CSR generator for free. Some of your options include:
Namecheap's CSR Generator (Recommended for Advanced Users)
Digicert’s CSR Wizard (Recommended for Beginners)
We recommend using this as a last resort because it’s not connected to your server, hosting service, or cPanel.
If you’re unsure how to move forward, I'd recommend that you contact your hosting company for support, and they’ll give you instructions specific to your website. They can advise you on the type of CSR certificate you should request.
3. Submit your CSR to the Certificate authority to validate your domain.
When you buy an SSL certificate from a certificate authority, you must submit your CSR. Be sure to have it on hand when you’re completing the sign-up process for your SSL certificate.
4. Install the certificate on your website.
Lastly, install the certificate on your website. The best way to do so is through cPanel. Under “Security,” click “SSL/TLS.” Then click “Manage SSL sites.”
There, you’ll be able to upload a new certificate to your chosen domain.
If you purchased an SSL via your hosting provider, the certificate may already be automatically installed on your site, so you may not need to manually do it.
Ready to dive into the best services that you can use to get an SSL?
Best Free and Low-Cost SSL Certificate Authorities
- Let's Encrypt
- SSL For Free
- Instant SSL
- Basic SSL
If you require a lower level of encryption for a blog or business site that doesn’t transfer sensitive financial information, the following will get the job done. I think it's important to remember that free SSL certificates might not be the right fit for all websites. However, if you feel like it might work for yours, here’s where you’d start.
If you have content hosted on HubSpot's CMS, you can secure your content and lead data with a free SSL certificate. When you create your website, you’ll get a natively integrated SSL certificate. This ensures that you won’t have to pay any additional money for setup.
Price: CMS Hub is free and therefore, so is hosting. You can also opt for the premium if you're seeking advanced functionality.
Let's Encrypt was created by the Linux Foundation, and the project was sponsored by Mozilla, Site Ground, Cisco, Facebook, Akamai, and other top tech companies. It offers DV SSL certificates (no OV or EV here) free of cost, but you should be aware that these certificates are only valid for three months at a time and should be renewed every sixty days at the earliest. Why? The company has a firm stance on automatic certificate renewals to achieve its long-term goal of moving the web from HTTP to HTTPS.
Price: Always free for three months at a time. Then you must renew, for free, for another three months. Having to renew may be a little bit of a hassle, but you are getting SSL for free, so I think it's worthwhile.
Comodo offers you an SSL certificate for 30 days, completely risk-free.
It was especially designed for MS Exchange and Office servers. Comodo offers unlimited server licenses with priority phone support. And, most importantly, Comodo is certified as a Best Seller of SSL certificates.
Price: DV SSL Certificate for one domain is $99/year, Multi-Domain is $249/year, and Wildcard is $449/year.
Cloudflare is known for its products that make websites faster and more secure. It's a CDN and security company that's used by many popular sites, including Reddit, Mozilla, and Stack Overflow. Cloud Flare blocks millions of attacks every day and provides 24/7 support.
Price: $0 - $200 per month
5. SSL For Free
SSL For Free is a nonprofit certificate authority, and it works on all major browsers. Like Let’s Encrypt and other SSL certificate authorities, SSL For Free offers certificates valid for three months at a time.
Price: Always free for three months at a time. Then you must renew, for free, for another three months.
You've heard of GoDaddy — with over 60 million domains, it's the world’s #1 name registrar. If you have an open-source project, GoDaddy will provide you with a free SSL certificate that's valid for a year.
Price: $69.99 - $129.99 per year
GeoTrust offers a full range of DV, OV, and EV SSL certificates, and automated domain name validation is included with each. They’re known for having easy installation, speedy certificate issuance and compatibility with leading desktop and mobile browsers.
Price: Ranges, starting at $149 for a one-year plan
GoGetSSL is another public SSL certificate provider. It gives you a 90-day free trial for SSL certificates, and it only takes about five minutes to get your domain validated (no callback or face-to-face verification required). Their certificates are compatible with all major browsers, such as Chrome, Firefox, Opera, and Safari.
Price: Starting at $14.21 per year
9. Instant SSL
Instant SSL is another option that deserves your attention. Unlimited server licensing, 24/7 support, and unlimited re-issuance are among the features included in their SSL certificate options.
Price: $78 per year and up
10. Basic SSL
Basic SSL also offers a 90-day trial before you make a purchase. With a quick and simple validation process, you can focus on other aspects of your website while Basic SSL takes care of the certificate for you.
Price: Free for 90 days
Protect your customer’s experience on your website.
Browsing the web has its risks, but you can virtually eliminate those for visitors on your site. With an SSL certificate from a reputable company, your website can safely and securely handle data transfers between your customers and your business. With a visible lock icon in the search bar, your site visitors know they can trust your business. I think it's worth the extra energy and effort.
Ultimately, this creates a better user experience, increases your website’s ranking in search results, and ultimately helps your business operate to industry security standards.
This blog post was originally published May 2020 and was updated for comprehensiveness.