If you’re looking to convert your website to HTTPS, there are two ways to get a completely free secure sockets layer (SSL) certificate: Let’s Encrypt and CloudFlare. Let’s Encrypt offers a full-blown free SSL certificate, although it’s difficult to set up on some servers. CloudFlare is much easier to set up but technically less secure.
If you’re creating a brand new website, we recommend using a web host that includes an SSL certificate with your subscription. For example, Bluehost includes a shared SSL certificate along with hosting, business email, and a domain name starting at just $2.95 per month. To get started, use the tool below to search for available domains:
For those that already have a business website and just want a free SSL certificate, let’s explore the two best free SSL certificate providers in more detail.
Let’s Encrypt is the best way to get a full-blown SSL certificate at no cost. As a nonprofit service, it provides completely free SSL certificates with no strings attached. There are three ways to set it up:
- If you use WordPress, Squarespace, Shopify, Tumblr or a few other website platforms, your website will automatically be encrypted and feature an HTTPS URL in the address bar. Let’s Encrypt has partnered with these websites to provide SSL certificates by default.
- If you use SiteGround, Wix, WPEngine, or more than 100 other web hosts, you can still encrypt your website in a few clicks. Log into your web host account, head to settings and find the option to enable SSL.
- If your host is not supported, it’s still possible to use Let’s Encrypt, but you need to install the license manually. This is a more tedious process that requires logging into your server’s shell (SSH) account. You can find instructions here on the Let’s Encrypt website.
What’s the Catch?
There isn’t one. Let’s Encrypt is a nonprofit service, provided by the Internet Security Research Group (ISRG) and funded by donations. It’s driven by the goal of promoting a more secure and privacy-respecting internet. As far as I could tell, there are no strings attached.
The only real downside is that not all web hosts are supported, including popular ones like HostGator, GoDaddy or Bluehost, which includes a free SSL license anyway. This doesn’t mean you can’t use Let’s Encrypt. It just means you have to install the license manually, which is a longer process. Alternatively, you can use the next option, CloudFlare.
CloudFlare is a service that provides security and performance features to websites. Along with distributed denial of service (DDoS) protection and speed and uptime improvement, CloudFlare provides SSL certificates to all user accounts — even those on the free plan.
To set this up, you connect your domain name to CloudFlare’s service. Your website is still hosted on whatever platform you were previously using like WordPress or Shopify. However, CloudFlare becomes a proxy or “middleman” between the visitor and your website.
The advantage is that CloudFlare can block out hackers and bots that would otherwise slow down or compromise your website. The connection between visitors and CloudFlare’s servers is also encrypted, so your will website will get a “Secure” icon displayed in the address bar.
On the other hand, the connection between CloudFlare and your web server is not encrypted, unless you pay for an additional service. This is why CloudFlare is technically not as secure as “true” license from Let’s Encrypt. A hacker could theoretically gain access to your data by attacking CloudFlare.
What’s the Catch?
CloudFlare is able to offer their services for free because they have add-on services and premium packages many free users eventually purchase. CloudFlare also gains access to your traffic data, which it uses to monitor for potential attacks across its network.
Because CloudFlare is a middleman between your visitors and your website, it’s able to influence what’s transmitted. Certain pieces of code can get altered running through CloudFlare, and cause your website to appear slightly different to visitors. This seems to happen more often with certain web builders like Squarespace than others.
Finally, there is the potential concern that CloudFlare’s free SSL certificate is not fully encrypted. Websites that store sensitive data may want to use Let’s Encrypt instead or consider a paid option.
Reason to Get a Google SSL Certificate
The main reason it is important to get a Google SSL certificate is because you can get penalized by Google for not having one. E-commerce businesses and those selling online have long been required to have an SSL certificate, however, now all sites should have one if they want to rank high organically in search. One way businesses are penalized for not having a Google SSL certificate is by dropping your organic rankings in Google search. Ranking highly in Google’s organic search is the lifeline for many businesses, and while Google favors those with an SSL certificate, it decreases the ranking on those who do not have it.
Hosts That Include SSL for Free
If you’re creating a brand new website, the best route is to use a web host that includes SSL encryption with your subscription. This saves you money compared to purchasing it separately, and the effort of setting it up. If you’re new to creating websites, you’d want to check first our article on website basics.
Below are some of the popular web hosts that include SSL certificates for free are:
We recommend using Bluehost since they not only include SSL encryption but professional email accounts and a domain name starting at just $2.95 per month. You can use them to create a WordPress website, which is the most popular content management platform on the planet.
To learn more about Bluehost, click the button below, or check out our comparison of Bluehost, Weebly, Squarespace and other top website builders.
The Bottom Line
SSL encryption should always be set up sooner than later. For an existing website, it takes some effort to undergo the transition. Often, images need to be re-uploaded, and internal links need to be edited to include “https” instead of “http.” The sooner you do this, the easier it will be.
Check out our article on how to protect your business and secure your website in 7 easy steps and stay safe!
For new websites, we recommend setting up SSL immediately — before you even publish your homepage. Fortunately, many web hosts and website builders will include free SSL certificates with their base rate. Check out Bluehost, our recommended hosting service, or view a full comparison of website platforms.