Our insights into the world of web

What is an SSL and why do you need one for your website?

by Dan
Last updated: January 22nd, 2020

There’s been a huge shift over the past years, with websites now being all-but-required to install what’s known as an SSL Certificate.

If you’ve ever wondered what that is, well, in a nutshell, it’s a protocol that creates a secure connection to your website keeping your visitors safe from bad people.

So if your website has any form of login, contact form or payment processing, an SSL Certificate is what is needed to protect your visitor’s data as it transfers from your website to the web server.

In fact, it’s so important that most Payment Gateways (a service, like Stripe or PayPal, that is used to process payments on a website) will refuse to process payments unless it detects an SSL has been installed.

How to tell if a website has an SSL installed

You will probably have seen this many times before, Google’s Chrome web browser does a great job at really highlighting websites that don’t have an SSL installed, it is in part, thanks to Google that the internet has seen such a shift in the adoption of SSL’s over recent years.

To help us demonstrate, we’ll use a fantastic service called BadSSL.

If you visit a website that simply does not have an SSL certificate installed, you’ll probably see something similar to this in the address bar of your browser:

No SSL Certificate Notice

This can be pretty scary for some visitors when they’re visiting your website, especially if they intend to make a purchase.

In most cases, simply not having an SSL won’t physically stop the visitor from using your website, but it will likely unnerve them. In most cases, visitors will instead choose to find the product or service from another provider for their own peace of mind. Obviously this is not what you want!

To check if your website has an SSL installed, type https:// before your website address in the browser address bar.

i.e if your website address was speccymedia.com, type https://speccymedia.com

If you have an SSL installed you’ll see no warnings and you’ll probably be shown a Padlock icon next to your web address in the Address Bar, like this:

Valid SSL Certificate Notice

If you see the warning shown in our earlier example, then you don’t have an SSL certificate installed.

Can a website with an SSL ever not be secure?

Yes, actually. Though rare, there are a few instances where a website that has an SSL installed isn’t actually fully secure and will produce various browser warnings from the subtle to the completely in your face.

This first example is probably the most common, especially as more and more websites install an SSL on their webserver.

Mixed Content SSL Certificate Notice

Visitors will see this mixed-content warning if your website has an SSL installed, but parts of the website being shown aren’t using the secure protocol.

This usually happens with images. Let’s say that some time ago you added some images to your website and embedded them directly into the webpage. When images are shown, the browser is actually following a path to the image on your web server, so it can render the image on the page.

Typically, the code will look something like this:

<img src="http://mywebsite.com/images/my-favourite-book.png" alt="My Favourite Book" />

In this example, the code is linking directly to the image via the http protocol. Meaning that the image is being served from a non-secure connection.

Luckily, if the images are on the same web server as your website (this is very common) there’s an easy fix; just change http to https on each image path and your website will stop showing mixed-content warnings.

(Other common file types that can cause this warning are PDF’s, MP3’s and MP4’s – just follow the same steps for images and you’ll be good to go)

How long does an SSL last?

SSL certificates are usually issued for a year at a time and will need to be reissued at the end of the year, so it’s a good idea to put a note in the diary for when your SSL’s expiry date is approaching.

If you allow your SSL to expire without getting a new one issued, your visitors could see a warning like this:

Expired SSL Certificate notice

This warning completely takes over your website and visitors will have to make a very special effort to opt into proceeding. Most likely, they’ll very quickly click the back button and find another website.

How to Install an SSL Certificate

There are actually several different types of SSL Certificates available, which can get pretty confusing. The reason for this is that some certificates are issued by governing bodies who will check that you and your company are what you say you are and do what you say you do.

It can give that extra peace of mind to visitors, and you’ll often see examples of these sorts of SSL’s on websites of large corporations.

Upgraded Valid Indicator

Some browsers even go so far as to highlight the websites that have gone through this extra step. Mozilla Firefox, for example, shows the SSL for Barclays Bank highlighted green together with the official company short name.

For most websites though, you only need a “cheap” or even free (more on this in a minute) SSL Certificate.

Install an SSL via your web host

The easiest way to install an SSL is to approach your web host. Most web hosts will offer SSL installation out of the box, and often you won’t need to do anything other than purchase the certificate and click a button to install.

Typically, you’ll be spending between £5 and £40 for a basic SSL Certificate installation at your web host. Some web hosts, like Namecheap for example, even offer an SSL free for the first year.

Install an SSL for free with Let’s Encrypt

Let’s Encypt is a not-for-profit certificate authority that issues SSL certificates completely for free! They offer certificates to any website where the certificate requester can demonstrate that they have control over the website domain name.

Unless your web host offers Let’s Encrypt out of the box though, it can be quite a difficult process to install a certificate yourself as it requires access to the shell (a text-based way of communicating with the webserver), which is why it’s often easier to purchase a cheap certificate from your web host directly.

Here’s a list of common web hosts that offer Let’s Encypt with either automated installation or support for certificate installation.

Conclusion

All websites should be offering their visitors a secure connection so that they can browse, submit data and purchase products with confidence that their personal information is safe.

Certificates can be issued for free via Let’s Encypt, though it is often easier to purchase a cheap certificate directly from your web host.

If you’d like us to install an SSL for you, we totally can! Just use the form below to get in touch. This service will cost around £25 (depending on how long it takes us with your web host) plus the cost of the certificate and we’ll usually have it done that same day.

Recommended Reading

Social Media Marketing – Can’t I just do it myself?

Today I am tackling a common barrier that comes up from business owners, friends and family alike; “Why hire someone…

Dark Patterns and how they trick us online

Dark Patterns are the tricks that websites and apps use to push you into doing something that you didn’t mean to. Here’s how they do it.

What is an SSL and why do you need one for your website?

There’s been a huge shift over the past years, with websites now being all-but-required to install what’s known as an…

Why doesn’t my website rank on Google?

Lots of businesses struggle with displaying where they’d like to on Google Search results. It’s fantastic and exciting when you…

Get in touch

Ready to talk about your project? We'd love to hear from you no matter how small or big the job might be. Use the form to send us a message or request a call back.

hello@speccymedia.com