It’s past the time to get an SSL certificate!  If you don’t have one, your site visitors are likely being told that your website is not secure, corporate security policies may be blocking it, and Google is downgrading it in the search results.  The good news is that it’s easy and inexpensive (often totally free) to correct.

What is an SSL certificate?
SSL Certificates create encrypted connections between a web page (or web server) and a browser on the website.  It uses public key cryptography to encode the information being transmitted between a person’s computer and the website/web server.  In short, it keeps information like credit card numbers, usernames/passwords, or even email address private and secure.

Why do I need it?
If your website has any ecommerce (i.e., you sell merchandise, memberships, day passes, seminars, etc. through it), you need an SSL certificate to protect your customers’ private information.  But even if you don’t use it for ecommerce, you need one. Release 68 of Google’s Chrome Browser now displays a “Not Secure” warning in the URL bar next to the domain name.

Google Chrome Not Secure message when using a non SSL URL

Firefox displays a similar warning. And some corporate digital security policies prevent access (and more will likely join soon) to non-secure sites.  That means if someone tries to reach your website from their work computer, there is a risk that the site will be blocked.

How can I tell if I have one?
Type in https://yourdomain.com or https://www.yourdomain.com (note the “s” in “https”).  Your site should load properly and should display a padlock.  Google Chrome will also show “Secure” on the URL line. Google Chrome will look like this:

Google Chrome when connecting to an SSL secure site

If that works, great!  Now just make sure that your site is setup to always redirect people to the secure version.  In your browser, type in http://yourdomain.com or http://www.yourdomain.com (note there is no “s” in “http” this time), and see if it automatically redirects to the secure (https) version of the site.  If not, then your redirects are not setup properly and need to be fixed so that the secure site always loads regardless of what people type in.

How do I get one and how much does it cost?
You need to check with your host provider.  Thanks to Let’s Encrypt by the Internet Security Research Group’s (ISRG), most can get an SSL Certificate for FREE.  Almost every host provider supports it though some have simple, automated installations with redirection and others have a somewhat more complex installation, configuration, and redirection process.  Try Googling: “Let’s Encrypt <host provider>” to find articles on how to do it. “Let’s Encrypt Siteground” or “Let’s Encrypt Godaddy”, for example. Or contact us, and we’ll help you do it right.

Then what?
Lunametrics has a good article on several things you’ll want to do as part of your SSL configuration.  It includes things like:

  • Ensuring any reference links, image files, etc within your html are changed to the secure/https link; otherwise, you’ll get a mixed content error message from the browsers telling you that some content is secure and some isn’t. You may see an error like this:

Google Chrome mixed content error

  • Verifying the https version of your site in Search Console
  • Crawling the https version of your site by submitting a sitemap
  • Setting up 301 redirects so all of your old http link addresses redirect to the new secure versions
  • Updating Google Analytics
  • And more ….

Conclusion
Don’t wait to fix this.  You might have a beautiful, high conversion website that no one can even reach simply because you don’t have a free SSL certificate installed/configured.  It’s a bit like having beautiful jiu jitsu with no takedowns to get the match to the ground so you never even get to show your skills.

As always, our team is here to help!