Before we get into how to install an SSL certificate, we need to know why it’s worth the effort.
If your domain is not secure, you’re going to be facing an uphill battle with growing your web traffic.
Google’s core focus is to provide their user’s with the best possible web experience.
Therefore when they receive a search query, they look to point the web-user to a safe and secure website.
And they determine which websites are secure by looking at SSL certificates.
This is why it’s essential that you have one!
SSL certificates are digital certificates that verifies a website’s identify and allows for an encrypted connection between your browser and your website’s server.
These certificates contain your website’s public key, details of your website’s identity and much more.
This is helpful because normally data is transferred in plain text between your browser and your web server.
And this leave you susceptible to eavesdropping from hackers and criminal.
As you can probably guess, this can lead to catastrophic events if you store sensitive data on your server.
An SSL Certificate encrypts all of this text so your data is safe and secure.
You may be surprised to know that SSL certificates have been around for 25 years.
And they’ve gone through a series of iterations to get to where they are now.
At one point every previous SSL certificate struggled to keep users secure with the advancements of the web, hence the reason for so many iterations.
They even renamed them to TLS’s (Transport Layer Security) for a brief period of time (these are still in circulation today).
But the original name stuck more and they’ve gone back to calling them SSL certificates.
If you look at a website’s address in your browser bar, it will look like one of the following:
Furthermore, most browsers will display a padlock next to the domain in the address bar to let users know that the domain is secure.
It’s important to note that there isn’t just one SSL certificate, there are six core types.
You need to pick the one that best suits you before we learn how to install the SSL certificate.
And they are categorised by the level of protection and encryption that they offer.
As well as the number of domains and subdomains under that certificate.
Below we’ll provide a brief introduction to each of them.
This is the top dog of the SSL certificate world.
An EV SSL indicates that the domain has top-tier security.
Due to it being the best certificate, they are also the most expensive SSL certificates you can buy.
These certificates are commonly used by websites that store confidential data and require payment details.
You can tell which websites are EV SSL certified by looking at the address bar.
You’ll be able to see the padlock, the business name, the country that the business is located in, as well as the usual HTTPS.
To acquire an EV SSL certificate, you have to go through a standardised identity check process where you have to confirm details about yourself and the domain.
Otherwise known as OV SSL certificates, these are one step down from the above EV SSL certificates.
And this is reflected in the price.
The focus of this certificate is to encrypt details when customers go through a transaction process.
Again, you must go through a validation process to receive an OV SSL certificate. This validation process focuses on the legal and physical existence of your organisation.
Whilst an OV SSL certificate doesn’t quite offer the protection of an EV SSL certificate, they are still a great option for public facing companies.
These certificates require the least verification and therefore offer the least protection in the way of encryption.
These certificates should not be used on websites that require users’ personal data or offer financial transactions.
DV SSL are a great and cheap option for websites that focus on providing information without needing to engage with readers (such as blogs and educational sites).
The validation process requires users to simply respond to a call or email to confirm their ownership of the domain.
These are the easiest to install SSL certificate.
For most readers, you’re not going to have to worry about Wildcard SSL certificates. But if you’re curious as to what they are, we’ve got you covered!
Wildcard SSL certificates work to not only secure your main domain but all of the subdomains beneath it too.
For example, we could secure dhillonsdigitalmarketing.com, www.dhillonsdigitalmarketing.com, and mail.dhillonsdigitalmarketing.com all with one certificate.
The benefit of this is that you don’t need to manage individual certificates which can be a headache.
And it usually works out to be a lot cheaper than buying many individual certificates.
Where as wildcard certificates can secure a domain and it’s subdomains, multi-domain certificates can secure multiple domains (as long as they’re under one ip).
Again, this means you don’t have to go through the headache of installing, renewing, and filling out requests for each individual SSL certificate.
For example, we could secure dhillonsdigitalmarketing.com and dhillonsdigitalmarketing.co.uk (which we have done).
And it’s not only incredibly cost efficient but adding more domains at a future stage couldn’t be easier.
Last but not least we have unified communications certificates.
These are the same as multi domain certificates. Except there’s one key difference.
These certificates are designed to compliment Microsoft Office and Office communication servers.
UCC’s have specific tools and features which allow for incredible efficiency when using Microsoft exchange.
However, it’s worth noting that these do not work in alignment with the other SSL certificates.
Nothing will destroy the reputation of your business faster than a data leak.
Repercussions involve: legal action, loss of revenue generating data, and a loss of consumer trust.
That’s why we make sure we install an SSL certificate.
An SSL certificate ensures that when someone is submitting personal data within your website, their data is encrypted and can’t be accessed from anyone outside of your website.
If your website is not secure, not only could your user’s personal data be accessed but your business’ data could also be taken.
And these include: your banking details, your website’s login details, your address and other password that could be valuable to you.
As we mentioned earlier, SSL certificates turn all text into mumbo-jumbo so it’s almost impossible to decipher.
Being an SEO website, we’re only too aware of the impacts that a lack of security can have on your website rankings.
To understand the importance of SSL certificates, you need to understand that Google’s core focus is to provide their web users with good user experience.
Sending their users to sites that are compromised does not fit in with this
If you’re serious about your business/website, it’s a must that you get your site in front of your target audience.
And not having an SSL certificate can seriously hinder that.
If users can see your website’s not secure, or that your data has been compromised in the past, you’re significantly reducing the likelihood that they’ll make a transaction with you.
And in fact, you’re significantly impacting the likelihood of them even clicking on your website.
Would you rather buy a product from the reputable and popular shop in town or down a back alley?
If you’re accepting payments through your website, you must be PCI compliant.
You could get in serious trouble if you’re not because of the regulations centred upon businesses providing consumers with safe financial transaction methods.
Having an SSL certificate is only one of twelve requirements set out for you to start accepting payments on your site.
The first thing you must do is to ensure that your domain’s information is identical to what you’re going to send to the certificate authority.
To collect your domain’s information, go to this ICANN LOOKUP TOOL.
This will show you everything from your registry domain ID to your Nameservers.
Use all of this information when submitting your request to the certificate authority.
Now that you have all the details surrounding your domain, you now need to generate a request for your certificate.
And there are three core options for this.
Only go for this option if you’re experienced in web development or are accustomed to the back end of websites.
If not, you could cause some significant damage to your website if you get something wrong (which there’s a high likelihood of happening if you’re a beginner).
But if you do feel confident enough to access your server then check out this guide on exactly what to do.
Another option is to outsource this to someone with technical experience (it will come at a minimal fee).
This is by far the most popular method of generating a CSR.
First you need to login to your hosting provider and then navigate down to your C Panel.
And then under your security settings, you should find an option to generate a CSR.
Once you click on that option, you’ll need to fill out a form with the information that we collected in step 1.
This is the easiest method but we don’t recommend it unless you have no other options.
There are online generators that will generate an SSL certificate for you (completely free).
However, because these are not linked to your hosting provider or domain, they’re not completely accurate.
Before doing this, we recommend getting in touch with your hosting provider to ask them exactly what SSL certificate is needed for your domain.
Before you install your SSL certificate, you need to submit it to the authorities.
Firstly, you’ll have to go to one of the authorities (scroll down to identify the right authority for you).
And then purchase one of the six types of certificates that we covered earlier.
Just ensure to have the details that you generated in Step 2 when purchasing your certificate because you’ll need to submit these details.
Now if you’ve generated a certificate from an external provider, you’re going to have to install your SSL certificate on your website.
If you’ve purchased an SSL certificate from your hosting provider, you can skip this step. You’re offically done!
It’s important to note that this process can differ depending on your hosting provider, the type of certificate you’ve bought, and the CMS you’re using.
However, there are two common ways to about this, you can do it through your hosting provider or by using a plugin.
This is the method that we recommend so long as it’s viable for you.
You’re going to need to login to your hosting provider and navigate to your CPanel again.
You should then be able to find an option to “Manage your SSL sites” under your “Security” section.
Then it’s as simple as uploading the certificate that you’ve purchased, along with filling in any details that are required.
These details include your private key and certificate signing request so be sure to keep them on hand throughout this process.
And it’s important that these details match those on your certificate.
As soon as you’re done, your SSL certificate should be active.
Just to make sure that it is, you can type in your website and you should see both the “HTTPS” and a padlock next to your site.
If you’re struggling with the first method, you can always do it through using a plugin.
Firstly, you’re going to need to login to your CMS (whether that’s WordPress, Shopify, or anything else) and navigate to your plugins.
Now you need to download an SSL plugin, there are a few to choose from but we recommend “Really Simple SSL”.
Whilst you may be put off with the fact that it encourages users to opt for the premium version, everything needed can be done completely free of charge and without any subscription.
As expected, you’re going to need and install this certificate.
However, pay attention to the steps that the plugin requires. They’re different for each user regarding what is required for you to upload your SSL certificate (it could be as simple as just logging in again).
Now if you have an SSL certificate associated with your site (which you should) all you need to do is click activate).
If the plugin does not present the activate button, it means you haven’t completed step 2 properly and need to return to your CPanel to rectify it.
Again, when you’re done just reload and check your address bar to see if you’re displaying “HTTPS”.
As much as we’d love to give a definitive answer, we cant.
The answer is it varies depending on what type of certificate you require.
You can pay anywhere from $5/£4 to $1000/£785 for an SSL certificate depending on how much security your website requires.
However, most premium websites are paying around $80/£65.
And it’s worth noting that these are on a yearly basis. They need to constantly renewed.
As we briefly mentioned, an SSL certificate is not a one and done purchase.
They need to be constantly renewed to keep your domain and website users safe.
How often your SSL certificate lasts is entirely dependent upon which SSL certificate you opt for.
Another factor that will determine your renewal dates is whether you opt in for additional features upon the initial purchase.
However, generally speaking most SSL certificates need to be renewed on an annual basis.
There’s no need to worry about forgetting to renew it, you will usually receive a flurry of emails in the weeks leading to your renewal date.
Upon having to install your SSL certificate, you’ll be glad to know that the majority of hosting providers automate the rest of the process these days.
You usually subscribe to an annual subscription and allow for them to handle the rest.
If you’re unlucky enough to be with a hosting provider that doesn’t automate the process, we’ve got you covered.
You’re going to need to scroll up to our guide on how to get an SSL certificate and repeat all four steps.
Whilst this is far from convenient, it can be done in less than half an hour and you won’t have to worry about it for the next year.
You could also consider switching over to a better hosting provider to save the fuss each year.
If you’re looking for a free/cheap SSL authority, we’ve got you covered.
There are dozens of authorities you can choose from but we’ve compiled a list of our favourites for you!
It’s worth noting that this list is compiled for websites that don’t require a high level of encryption. If you do deal with sensitive information, please do find an EV certificate.
These are just a list of easy to install SSL certificates.
The most well-known authority, this nonprofit organisation offers DV certificates free of cost!
And they’ve been sponsored by the likes of Facebook, Mozilla, and Siteground.
They require you to subscribe to automatic updates for your HTTPS status every 3 months.
And this is because the mission of the nonprofit is to move every website from “HTTP” to “HTTPS”.
A well known IT solution provider who focus on improving your website’s speed, they also offer SSL certificates too.
They offer 24/7 live support and are trusted by the likes of Reddit.
Depending on what level of security you require, their prices range from $0 to $250.
Powered by the guys at Zero SSL, SSL For Free offers 90-day completely free SSL certificates.
This platform is incredibly similar to Let’s Encrypt in the way it operates.
You’ll also find a wide range of tutorials on their website to help you install your SSL certificate, it couldn’t be easier.
Furthermore, you can generate Wildcard and multi-domain certificates too (completely free of charge).
The only downside is you need to be diligent with making sure to update your SSL certificates.
Whilst Comodo don’t offer free SSL certificates, they do offer extended free trials (up to 90 days).
But it’s worth noting that their SSL certificates are designed for those with Microsoft Office servers.
If you have a lot of domains or you plan to, we’d recommend you look into what Comodo have to offer.
Because they allow you to protect up to 100 domains with just one certificate.
And last but not least, we couldn’t leave out the biggest registrar in the world.
Their prices start from just $50 a year and they offer a 30 day money back guarantee.
And not only that, their customer service is incredibly helpful with helping you to install an SSL certificate.
Additionally, they offer a managed SSL service too.
Since 2018, Google have started labeling HTTP sites as “not secure” almost forcing everyone to jump to a Https domain.
And since 2014 Google have stated that your site security is a ranking factor for their algorithm.
The first thing you must do is go through the steps listed above to get an SSL certificate.
And then to redirect your pages from HTTP to HTTPS, all you need to do is use any SSL plugin.
Then there are a few things that you must do to ensure that your migration from Http to https is complete.
First, verify your Https status on Google. Let them know of the new address.
Next, update all of your internal links on your website. You don’t want your traffic reaching pages that are no longer active.
And lastly, audit your site via Screaming Frog (this application can be found via a Google search) to ensure that all redirects are working.
Google have recently stated that they intend to reduce the lifespan of all SSL certificates.
This means that we could be looking at 90-day certificates becoming the norm.
It’s likely that SSL certificates will work on a 90 day automated contract meaning you won’t have to do anything.
But it ensures that the web is as safe as possible with such regularity.
And it looks like this change will happen before the end of 2024.
If that article was helpful, check out our article on setting your preferred domain (it’s one of the most common mistakes made by SEO beginners).