In today's world it has becoming extremely important to protect your and your customers data on the internet. Using SSL certificates to encrypt the data as it passes from computer to computer is.  In the past it was necessary to buy SSL certificates costing $2,000 and more for a single domain.  Even though prices for certificates have been coming down in the last few years, having to secure multiple sites still adds up quickly giving you possibly a reason not to add SSL.

With the appearance of several free options for SSL certificates there really shouldn't be any reason not to protect a site. Below an overview of three different options to get a free SSL certificate for your site.

Let's Encrypt (https://letsencrypt.org/)

Let's EncryptLet's Encrypt is a free, automated and open certificate authority. You can get free Domain Validation (DV) certificates for all your domains.  There is a rate limit on how many new certificates you can request per week. But certificate renewals don't count so you can steadily get more SSL certificates. Currently Let's Encrypt does not offer Organization Validation (OV), Extended Validation (EV), or wildcard certificates. One thing to keep in mind is that certificates are only valid for 90 days. This doesn't mean these certificates are substandard, but instead it is considered to increase security by generating a certificate more frequently.  So if you use their certificates you would definitely want to automate the renewal process on your side.

 

Amazon AWS Certificate Manager (https://aws.amazon.com/certificate-manager)

Let's EncryptAmazon also offers a free SSL certificates to your resources in the Amazon Cloud through the AWS Certificate Manager.  Obviously you are indirectly paying something for other AWS resources (Elastic load balancer, EC2 instances, CloudFront) you are using unless you are using their free tier.  The AWS Certificate Manager allows you to use get Wildcard certificates to include all your subdomains.  Amazon's certificates are valid for 1 year which is convenient compared to the 90 days Let's Encrypt offers.  You might be wondering if you can benefit from Amazons SSL certificates if your servers are not hosted with Amazon AWS.  Even though Amazon doesn't allow you to install their SSL certificates on your own servers outside of AWS you can actually use CloudFront in front of your external server to encrypt your site.  One should keep in mind though that you should still use SSL encryption between CloudFront and your own server (although possible) so you don't give the customer a false sense of security.  Currently Amazon only allows certificates from an official certificate authority so you will still have to get another certificate.  If you are running multiple sites you can probably still get away with one wildcard or multi domain certificate on your backend server if you get creative with your setup.

 

Cloudflare Universal SSL (https://www.cloudflare.com)

Let's EncryptCloudflare was the first company to offer free SSL certificates for their customers.  It appears Cloudflare doesn't offer wildcard certificates and only allows a limited amount of subdomains in their Free Personal Cloudflare plan.  Nevertheless Cloudflare does allow you to use self signed certificates for your backend servers to ensure data is encrypted all the way.

 

If you really need another reason to use SSL (though there really shouldn't!) keep in mind that google rewards sites with a better ranking in their search engine when using SSL (https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html)

Add new comment

Restricted HTML

  • Allowed HTML tags: <a href hreflang> <em> <strong> <cite> <blockquote cite> <code> <ul type> <ol start type> <li> <dl> <dt> <dd> <h2 id> <h3 id> <h4 id> <h5 id> <h6 id>
  • Lines and paragraphs break automatically.
  • Web page addresses and email addresses turn into links automatically.