For many years the main reasons you would want your web site to use HTTPS protocol instead of the unsecured HTTP protocol is if you were taking sensitive data from your site visitor, like passwords, credit cards, social security numbers home addresses etc. You know, the common sense stuff. And to activate SSL (HTTPS, which really isn’t SSL it’s TLS, but like calling the “copy machine” the “Xerox” machine, it just stuck like “SSL” which isn’t technically correct, but it’s the coined “name” now), so, to activate SSL in the old days (circa 2016) you needed both a Dedicated IP address and a SSL Certificate purchased through KartHost™ or some other provider, and that meant spending money. Many resisted converting their web sites to SSL, unless it was absolutely needed. Understandable.
Things are changing, that is the old thinking.
Now today, with Google the “900 lb gorilla in the room” pushing and pushing hard to make the entire web “encrypted” (aka using HTTPS). And of late, it has become a lot easier for the end user and a lot easier on the pocket book to operate your site using HTTPS, how much easier you ask? Try FREE! OK, the cost is great, but does that make it easier? The answer is yes and here is why.
This has been made possible by one new technology, SNI (Server Name Indication) it’s an extension of the more Advanced TLS (replaced SSL) protocol (for the nerds among us you can learn more at Wikipedia Server Name Indication). Basically SNI operating on a web server (or Cloud platform as used at KartHost) allows SSL Certificates to be used without expensive (and rare IPv4) dedicated IP addresses.
One small down fall is SNI will only support modern web browsers. If you wish to make sure you support all browser’s (usually people still using XP and an old version of IE) you will need a dedicated IP address with your SSL Certificate. Sorry.
And the next key part of this equation is Let’s Encrypt who is providing Free SSL Certificates to everyone is a service provided by the Internet Security Research Group (ISRG). You will not be able to obtain a SSL Certificate directly from Let’s Encrypt, you must obtain them from a participating supplier like KartHost.
So even if the SSL Certificate is free, why use it? Especially if I do not take any kind of information from my site visitors, why would I want to hassle (which isn’t really a hassle) adding HTTPS? This is a very good and legitimate question. And here are some really quick answers
- Google provides a slight SEO page boost.
- Most people landing on your web site for the first time do not know you. Having your site operate using HTTPS is a trust building signal, and that is a good thing.
- At the moment Google is giving a ranking boost to sites using HTTPS, also at this moment more sites operate on HTTP than HTTPS (this will be changing very fast). As more and more sites operate with HTTPS the boost will really neutralize itself and operating your web site on HTTP will actually be working against you and your SEO page rankings. In fact, Google already has plans with the Chrome browser to mark NON HTTPS (HTTP) sites as Unsafe and warn your site visitors of this! You might wish to watch the first 12 min of this video from Google Chrome Security Software Engineer Emily Stark. Great “scary story” and other good explanations and especially watch from minutes 9:09 to about 12:00 minutes.
UPDATE: Google now marks any HTTP site as not-secure READ MORE HERE
Before you say, I do not like or use Chrome web browser, it doesn’t matter what you like (sorry do not mean to come across rude, but it’s a fact). What matters is the web browser your web site visitors are using to visit your web site. Can your site (aka business) afford to make your site visitors using Chrome nervous when they visit your web site? Not many can. Here are the stats of what browsers are being used on W3Schools.com web site: Browser Stats. And here are some more Web Browser Stats on Wikipedia. You can actually view your specific browser stats of visitors coming to your web site in your cPanel Control panel at KartHost. (Learn how to do it reading KartHost Knowledgebase Article “How to View Web Browser Stats using AWStats in cPanel”)
If you’re hosting is with KartHost™, you will be able to add your own Let’s Encrypt SSL Certificate (and any paid SSL Certificate) to your hosting effective immediately (was that a few Wahoos I just heard!). We have put together a tutorial with video to show you how simple it is to activate the Let’s Encrypt SSL Certificate in the KartHost™ Knowledgebase: Generating a Let’s Encrypt SSL Certificate on KartHost™ cPanel.
The Let’s Encrypt SSL Certificate will work well for most of our KartHost™ hosting clients. However, if you are in business and you are selling product and services and you are trying to build trust with new clients (and even current ones), here are the differences in SSL Certificates available.
- Domain Verified Certificates – What is checked is the domain and that you are the legal owner. Basically the Let’s Encrypt SSL does this, but a paid Domain Verified Certificate will take it a step further and also provide a certificate Seal of Trust to add to your site and provide a level of underwritten warranty is provided. Like the Let’s Encrypt Certificate these Certificates are issued quickly.
- Organizational SSL Certificates – More difficult to obtain. It’s a high assurance not only do you have to prove you own your domain name but you and your business will be vetted as you will need to proof own your business. This is all manually done thus the extra time to obtain. The payoff is it builds a higher trust with your site visitors, and better chance of a sell online.
- EV Certificate (Extended Validation Certificate) – is similar to the Organizational Certificate, the big difference is you will need to be legally registered with your state as an LLC, Corporation (Inc) to obtain this highest level of certificate. It also provides the highest trust by making the Address bar green in the Web Browser and display your legal business registered name. KartHost uses a EV Certificate and this is what it looks:
So the take away from this, you need to get your web site up and running on HTTPS. We are here to help all our clients hosting with KartHost™. In fact, this is included with all our WordPress Managed Hosting clients and with our EZWP Builder package. And all our self managed hosting clients you can do it yourself, or if you need help we are here for you.
But one last thing to remember, after you generate your Let’s Encrypt SSL Certificate, you still need to make sure all your links within your web site are using HTTPS (the ones pointing to other pages, images and other assets on your web site). If your site with KartHost™ is powered by WordPress CMS (Content Management System) there is a very good plugin to help with this called Really Simple SSL. Download it and it will help fix all the mixed HTTP and HTTPS issues and convert your WordPress powered web site. And their paid version will handle other areas as well, if needed.
Would love to get your feedback.