Secure browsing is an expectation held by many in 2019, and it's a fair one to have. With unsecured public wifi everywhere, banking, messaging, and email on every site, and your private data being synced to the cloud in the background, it's a lot to lose. But... that doesn't mean there's a price to pay, even though there's more then a handful of companies out there that hope you don't realize that.

Photo by Markus Spiske / Unsplash

What is SSL?

SSL (or "Secure Socket Layer") is the method of communication employed secured sites online. SSL is what adds the padlock icon to your browser that shows up when you're on a site that starts with https://. When a site is secured, it jumbles all the data sent between your computer and the website, making it unreadable to any prying eyes that may be there.

Without SSL

  • Attackers can intercept the data being shared between your website and the user - like their login info, or editing your page to be something it shouldn't be
  • Spammers can harvest contact info like email addresses for spam purposes
  • You lose the ability to hook into popular third-party services like Stripe, which require your site to communicate over HTTPS
  • Malicious internet service providers can censor content or inject advertisements into your pages

With SSL

  • Modern SSL can improve page load times
  • Improved search ranking. Google, Yahoo, and more favor secured websites
  • The above four attack vectors are not possible due to the secured traffic
  • You'll increase user trust with the added padlock
  • You'll comply with some regulations regarding account management or payments

It's clear what the benefits are - but that still means that you don't need to be paying for it.

Open shop
Photo by Mike Petrucci / Unsplash

Getting SSL Traditionally

To make your site SSL-ready, you would traditionally purchase an "SSL Certificate" from a Certificate Authority or a reseller. This certificate is what's sent to your user's browser that verifies that you are who you say you are. It's likely you've come across this before, because many domain registrars and hosting companies will try to entice you to purchase one for your new site at checkout for an absurd price.

A simple Google Seach for "Get SSL Certificate" comes up with nothing but ads to buy one.

I want to highlight a few alternatives before you subscribe to a yearly renewal in the name of user security. Your ability to use any of these will vary depending on how much access you or your team has to your website's server, but there's an option for everyone - all of which cost you $0.

SSL Through CloudFlare

Price? Free
Requires domain access? Yes
Requires server access? No

CloudFlare offers revolutionary technologies that enhance and protect millions of websites, and SSL is just one of them. Because CloudFlare sits in the middle of your user and your site, they can take the labor out of providing basic security methods.

Flexible SSL - Imagery by CloudFlare

Flexible SSL - The Fastest Way to Get Going for Free

CloudFlare "Flexible SSL" secures the traffic between your user and CloudFlare servers, but not between CloudFlare and your website. This removes the possibility for attackers to pray on or snoop your user's connection to your site, and is secure enough for most users.

Learn more here...

Full SSL. Imagery by CloudFlare

Full SSL - The Most Secure

This option is not available for those that don't have server access. But if you do, and use CloudFlare, then this is your fully-secure, fully-free method to run your site over SSL. Like "Flexible SSL", Full SSL will protect the connection between your users and CloudFlare, but also between CloudFlare and your website. Some labor is required to install the certificate to your server, but aside from that, you're up and running in no time without having to take out your credit card.

Learn more here...

Image from Google Firebase

SSL for Static Sites

Price? Free
Requires domain access? Yes
Requires server access? No

If your site is a basic collection of HTML files or a JavaScript app, it'll likely do well on a static site host like Firebase Hosting, GitHub Pages, or Netlify. These site hosts provide generous free tiers for many users with competitive pricing for those that handle lots of traffic. You save on not only hosting, but they all include a free SSL certificate for your project, too. Take a look at the three for your usercase, as the best will vary depending on your needs.

SSL for Everything Else

Price? Free
Requires domain access? Yes
Requires server access? Yes

For everything else, there's Let's Encrypt, the pioneer in making the web secure for everybody. Let's Encrypt provides free tools that issue and renew certificates for you, completely automatically, completely for free. The only tradeoff compared to our other listed options is the requirement of server access (sorry shared hosting users) and a comfort level with Linux.

The takeaway?

Don't pay that $70/yr SSL renewal fee to GoDaddy or whoever else you may use for hosting. If you're used to working with your own servers, go with Let's Encrypt. If you're new or use shared hosting, CloudFlare is your best bet. Otherwise if you're looking for something a bit more basic, check out the static site hosts out there.

A secure web is a better web, especially when you know the true value. If you need assistance with anything we mentioned, never hesitate to get in touch.