However, an SSL certificate costs anywhere from $5/year to $1000/year and can add to the cost of running your small blogs. Luckily, there are several ways to obtain an SSL certificate for your website for free. In this article, we will go over some of the best methods to get an SSL certificate for your WordPress website.
What is an SSL certificate?
When you add a product to cart, or post a comment on a blog, your data are sent to the server unprotected. This means that anyone with the right tools can sniff the network and read the information you sent across, including your name, address, credit card details, etc. A Secure Socket Layer (SSL) certificate ensures that all your data are encrypted before they are sent over to the server. This prevent your data from being readable by anyone, making it more difficult for hackers to intercept and steal your data.
How Do SSL Certificates Work?
An SSL certificate acts as a digital passport that authenticates a website and insulates the data flow between the website and browsers. Here’s how it works:
Why Do You Need An SSL Certificate For Your Website?
Even though it is not mandatory to have an SSL certificate on your website, a majority of people who use the Internet prefer browsing safely on “HTTPS” websites. And anyone can easily identify websites that use an SSL certificate as they have a padlock icon next to the URL. Whereas websites without an SSL certificate display a warning sign. With SSL: Without SSL: Apart from public preference, there are many significant advantages of having an SSL certificate for your website:
Strong encryption safeguards users’ data from phishing scams and attacks. An SSL certificate provides a positive influence on the browser’s evaluation of websites.Increases visitors’ trust.Having an SSL certificate increases SEO rankings.Finally, an SSL certificate can help improve your website’s loading speed.
Type of SSL Certificate
There are primarily three types of SSL certificates. Based on the type of your website, you can choose any of the following:
Get Free SSL Certificate For Your WordPress Site
Let’s look at how to get a free SSL certificate for your WordPress website. Here are a few viable methods:
1. CloudFare
Generally, most CDN services include a free SSL certificate in their package. So if you are planning to subscribe to a CDN service, you can consider the options listed below to get a free SSL certificate too.
StackPathCacheFlyKeyCDN
However, these services themselves can charge anywhere from 5$ to $1000 depending on your use case and the data your website consumes on their servers. If you are just starting out your blog or website, you can use a free CDN service like Cloudflare which also offers you a free SSL certificate. They have a very easy-to-use interface designed for creating internationally scalable apps and provide a free SSL certificate for WordPress websites.
2. ZeroSSL
ZeroSSL offers free SSL certificates that last for up to 90 days, after which you need to manually regenerate another one. You can get up to three free SSL certificates, after which ZeroSSL charges $10 per month for the basic security coverage. Or, you can upload a HTTP file to your website’s root directory.
3. Really Simple SSL
Simple SSL is a widely popular plugin for WordPress, which provides a free-of-cost SSL certificate, and as the name suggests, it’s extremely simple to set up as it does not require any domain verification.
4. Using Web Host With Free SSL
Some web hosting companies offer free SSL certificates with their hosting plans. So if you want to keep things simple, you can set up your website on a hosting platform that offers a free SSL certificate. Generally, most web hosting companies that provide free SSL certificates, outsource them from a third-party SSL provider known as Let’s Encrypt. It is the largest free SSL provider and has already issued SSL certificates to over 260 million websites. You can also directly get a free SSL from Lets Encrypt, but bear in mind that it’s a pretty complicated process and also requires you to have shell access to your server and a little server management knowledge. So the easier way to get a Lets Encrypt SSL certificate would be to host your website on a hosting platform that provides you a free SSL certificate. Here are a few things to keep in mind when you’re looking for a web host with a free SSL certificate:
Make sure the host offers a “FREE” SSL certificate. Some hosting providers advertise giving out free SSL certificates but secretly add additional costs for it in the final bill.Check if the type of SSL certificate being offered is suitable for your website. For example, if you’re running an eCommerce site, you’ll need an SSL certificate that supports online transactions.Try to purchase a hosting plan with a platform that also offers support for the free SSL certificates they offer. Some hostings may require you to install and configure the SSL certificate yourself, which can be a very hectic task.
Here are a few hosting companies that provide free SSL certificates:
A2 HostingBluehostHostGator
Problems Associated With SSL Certificates
1. Certificates That Have Passed Their Expiration Date
When an SSL certificate expires, the visitors trying to access your website will be greeted by an error saying with an error code: NET::ERR_CERT_DATE_INVALID. This is because each certificate has an expiration date, and the web browser will reject certificates that are no longer valid. From September 1st, 2020, major web browsers are instructed to refuse connection with SSL certificates that are older than 398 days. So if you neglect to renew certificates when they expire, or if you install an SSL certificate with a validity period of over 398 days, your website will end up throwing this error to all the visitors. To fix the problem, you’ll need to replace the SSL certificates on your web server with a new one.
2. A Certificate That Has Been Revoked
Just like some cheap padlock manufacturers assign the same key for the locks they make in a batch, some SSL certificates also carry identical encryption keys. Now, whenever there is a data leak, these keys are recorded by the authority that assigned you the SSL certificate and revokes all the SSL certificates with the same encryption key. So if your SSL certificate has been revoked, your website will display an error message – “NET::ERR_CERT_REVOKED.” In such situations, you can either contact your SSL certificate provider or replace the revoked certificate with a new one to resolve the problem.
3. The Hostname Is Not Found
If your website shows the error message – “NET::ERR_CERT_COMMON_NAME_INVALID,” it means that the hostname in your SSL certificate does not match your site’s domain name. To establish a secured connection from the web browser to a website, the SSL protocol initiates the first handshake to confirm the legitimacy of the SSL certificate. Now, the most basic need for this handshake to be successful is that the URL of the website should match the URL mentioned on the SSL certificate. Again, this verification does not stay limited to the domain name but extends to the exact URL. For example, if a user tries to connect with your website using www.example.com as the URL, but the SSL certificate only lists example.com, it will fail to connect with the secured version of your website. To solve this issue, you need to either add the non-www version of your website’s URL in the certificate or 301 redirect from www to the non-www version.
4. A Certificate Authority That Isn’t Trusted
If your browser is unable to establish a chain of trust between your website and the visitor’s web browser, your website will throw an error saying – “NET::ERR_CERT_INVALID.” This can happen for one of two reasons. Either you are using an SSL certificate from an untrusted certificate issuing authority, or you are using a self-assigned certificate. In the first case, the only option is to either replace your certificate with a trusted one, or you can contact your SSL certificate provider to seek help. If you are using a self-signed SSL certificate for a local HTTPS development, you need to manually add your certificate to the browser’s trust store. However, keep in mind that your self-assigned certificate will only work on your local network. Image credit: Mirsad Sarajlic This way, an SSL VPN gives individual users access to an organization’s network, client-server applications, and internal network utilities and directories without the requirement for specialized software. It allows safe, secure communication for all types of devices over an encrypted connection, regardless of whether the network is accessed via the public Internet or another protected network.
