Updated on May 22, 2020
Online security has increased in the past few years mainly thanks to the trust that certificates create. SSL Certificates enable HTTPS and offer complex encryption for the sensitive data on your website which ensures that no information is passed in plain text. Unencrypted data is an easy target for hackers and it can result in stolen accounts or payment details of your clients.
We recommend all sites utilize HTTPS, as it has a lot of additional benefits beyond security. But, is there a price for such convenience? Avoid browser not secure warnings and improve your site's trust and search ranking on Google with an SSL-encrypted website. Below we highlight what an SSL certificate is, how it works, and how to set up SSL with any FastComet plan at no cost. Most other hosted eCommerce solutions or hosting companies will have you purchase and charge you hundreds of dollars every year for an SSL certificate. If you are a small to mid-sized business there is no need to purchase an SSL certificate and pay for its installation.
In this post, we will cover:
SSL/TLS (Secure Socket Layer) is the standard security technology for establishing an encrypted link called "encryption in transit" between a web server and your browser (using a secure protocol). It encrypts data and communications in the transmission and ensures that all information that is sent is secured (no data sent in plain text). By encrypting and securing any data that passes through this connection you help to prevent any data theft or hacking. Plus, if any data is stolen from this connection it’ll be impossible to decipher since it’s encrypted.
An SSL certificate contains the following information:
As the backbone of the secure Internet, SSL protects all sensitive information while it travels across the World Wide Web. Having an SSL Certificate is essential, even if your site does not handle sensitive information about your visitors.
In the past, SSL was commonly used for eCommerce or membership websites only to protect and secure sensitive information, like banking details, credit card numbers, passwords, login information, and sensitive personal information. However, today with stricter privacy standards such as GDPR, almost every website can benefit from installing an SSL certificate to protect any user information.
Every website should use HTTPS. No matter if you’re a blogger, a small business owner, or a large organization, an SSL certificate protects data flowing to and from your site. At FastComet, we are proud to be a part of the huge community of Technology companies, with the mission to help make the Internet more secure, and widespread adoption of HTTPS is a great step towards achieving this goal.
Taking advantage of FastComet's Free SSL is easy and will ensure your website is safe and your clients can feel secure. Let's Encrypt and GlobalSign SSL are SSL certificates that could be a great alternative to the paid options for your startup website or online project. We offer them for free as a bundled package with our Web hosting plans. We’ll install your SSL certificate, fix redirect errors, and even renew your cert before it expires completely free of charge.
There are various free SSL Certificate options available on the internet today. The most popular option for free SSL is being spearheaded by the Let’s Encrypt initiative — an open collaboration between a number of global organizations dedicated to creating a more secure and privacy-respecting web by issuing digital certificates needed for sites to secure their network traffic. Millions of companies, nonprofits, and public sector entities use Let’s Encrypt certificates to create a secure connection with Web users all across the world.
The Let’s Encrypt SSL certificate is trusted by all major browsers & devices. Visitors will recognize that their personal data, such as credit cards or emails, are properly encrypted.
Our team was paying close attention to the Let's Encrypt initiative since the very beginning. It is hardcoded into our values to offer our customers cutting edge technological innovations and high-quality assistance and we are extremely proud to be part of the huge Let’s Encrypt community.
Setting up SSL with our Let’s Encrypt integration is extremely easy. Make sure your domain is pointed to FastComet before proceeding. Additionally, the FastComet team has created a step-by-step tutorial on how to implement a free Let’s Encrypt certificate.
Free SSL certificates (Let’s Encrypt) deployed via FastComet are renewed automatically every 90 days.
In 2018, Let’s Encrypt introduced the ability to generate wildcard certificates for domains such as *.domain.com. FastComet was one of the first companies to support their ACME2 (Automated Certificate Management Environment) protocol that provides the ability for users to get free wildcard certificates. In other words, if you had a wildcard certificate for the domain *.domain.com, that single certificate could be used for www.domain.com, blog.domain.com, shop.domain.com, and any other subdomains.
Cloudflare allows any Internet property to become HTTPS-enabled with the click of a button.
There are two different arrangements for loading a site over HTTPS: flexible or full (or full strict).
The option you are looking for here is Flexible SSL. The Flexible SSL option allows a secure HTTPS connection between your visitor and Cloudflare but forces Cloudflare to connect to your origin web server over unencrypted HTTP. An SSL certificate is not required on your origin web server and your visitors will still see the site as being HTTPS enabled.
With FastComet, you can also get your free Private SSL - GlobalSign. Along with FastCloud Plus, you get one year of free GlobalSign service subscription as a bonus to the hosting service. Being on our FastCloud Extra plan would provide you with a free GlobalSign Private SSL for as long as you keep your FastComet services active. The SSL is private and is assigned to your domain. It will cover all of the subfolders so you can safely configure it on your website.
To request the installation of the GlobalSign SSL certificate, you can simply post a ticket to our Technical Support team via your Client Area. Note that we are using the latest cPanel release on all our shared hosting servers. It provides SNI (Server Name Indicator) support, which means that there is no longer the need for a dedicated IP address on your account so the SSL certificate can work. Once you request the installation, our technical support team will complete it for you and there will be no downtime for your website.
SSL/TLS, when implemented correctly, is a vital technology to secure user data when it is in transit between the user's browser and the website server. For full coverage, a website should also be using HSTS to protect against protocol downgrade attacks and cookie hijacking.
Supporting the HTTP Strict Transport Security (HSTS) protocol is one of the easiest ways to better secure your website, API, or mobile application. HSTS is an extension to the HTTP protocol that forces clients to use secure connections for every request to your origin server. FastComet provides HSTS support on all our Shared Web Hosting packages with just a couple of clicks. To implement HSTS for your website, you must have a valid SSL Certificate. If you employ subdomains in your content structure, you will need a Wildcard Certificate to cover HTTPS only. Alternatively, you’re pretty safe with a Domain Validated, Organization Validated, or Extended Validation SSL Certificate. Make sure you have these installed and working correctly. Just a quick reminder that we fully support Let’s Encrypt Wildcard certificates. Using the Free Lets’ Encrypt Wildcard certificate makes the setup and maintenance of websites with subdomains much easier, as they can now be encrypted with a single certificate.
Having HSTS enabled for your website, web browsers automatically change any insecure requests (HTTP://) to secure requests (https://). Web browsers recognize this header, and then take care of the rest without any further intervention on your part. Not only does HTTP Strict Transport Security (HSTS) help you get an A+ SSL rating from SSL Labs, it will help protect your website against two primary types of man-in-the-middle attacks (MitM): protocol downgrade attacks and cookie hijacking. To see if your SSL certificate is working properly, head over to SSL Labs, fill in your domain name, and see what kind of score you get.
It is important to set up SSL correctly without mixed content that may compromise security. Mixed content happens when resources on the page (such as URLs of the images) are not loaded using the HTTPS protocol. Furthermore, even if a single URL still loads using the insecure HTTP protocol, then browsers will treat your entire website as not fully secure.
Fixing mixed content can be a tricky process, and is often the main cause why websites with valid SSL certificates have errors next to their padlock icon. FastComet customers can leverage our Tech support team for Free SSL installation, ongoing management, and support.
SSL/TLS, when implemented correctly, is a vital technology to secure user data when it is in transit between the user's browser and the website server. For full coverage, a website should also be using HSTS to protect against protocol downgrade attacks and cookie hijacking. SSL certificates can be obtained for free and implemented in minutes through technologies such as Let’s Encrypt and Cloudflare, bundled with FastComet’s web hosting plans.
We hope you find this article useful. Discover more about FastCloud - the top-rated Hosting Solutions for personal and small business websites in four consecutive years by the HostAdvice Community!