There are 3 “grades” of SSL certificate – domain validated, organization validated and extended validated. Whilst the core encryption technology is the same, the varying degrees of “validation” provide different benefits, most notably the famous “Green EV Bar” for the highest grade.
I mention this because if you’re considering an SSL certificate to purchase, you need to understand how it works before parting with any money.
SSL certificates are designed to provide an encrypted connection between the client (your PC) and the server. Indeed, whilst we still call them SSL (Secure Socket Layer) certificates, they actually now use TLS (Transport Layer Security) – not that it matters to the end user. Ultimately, all these certificates open the 443 port on the server, allowing browsers to send encrypted traffic.
Traditionally, SSL certificates cost money depending on the level of validation required. For example, the highest validation (EV) required company documentation and identification of specific individuals within that organization. Only then would the certificate be issued, and the “green bar” become present.
These certificates were always issued by “Certificate Authorities” – companies who are licensed with providing the certificates. Whilst these companies charge for their services, calls for more security online gave birth to LetsEncrypt.org – an initiative backed by the likes of Mozilla and WordPress.
LetsEncrypt.org is a certificate authority in its own right. It can only issue domain validated certificates for a period of 90 days at a time. Basically, if you’re able to provide an HTML meta tag, or DNS record, you should have no problem in attaining one of them. The benefit of using it – of course – being that your site will appear more secure to the end user.
To use one of these certificates, you actually won’t be able to get it from LetsEncrypt.org directly – you either need to download the “Certbot” automated tool from one of the hosted repositories (apt-get or brew), use the likes of CPanel or go to SSLForFree.com and get a certificate manually. I won’t explain how to install the certificate manually here – all I will say is that you can get one very simply if you follow their on-screen instructions.
The main reason why you should consider upgrading your site to SSL – especially considering LetsEncrypt has made the certificates free – is to avoid your site being labelled as “Insecure” by Chrome / Firefox. Since WordPress adopted SSL encryption by default, most of the online giants have decreed that they will actually treat websites that accept user data as insecure unless they are provided through SSL.