SSL Certificates are a necessity for your website if you wish to have efficient SEO as well as a positive user experience (UX). In short, Secure Socket Layers (SSL) protect your users from being exposed to malicious content while browsing on your site. Going in-depth on what an SSL is falls beyond the scope of this article, but you can read more in this blog post by 101domain. In terms of protection, you usually get what you pay for; so the more secure the connection, the more expensive the certificate. Let’s talk about some of the risks of going with free SSL for your site.
When using a free SSL, there is often no warranty involved. Since you are not investing in the certificate authority’s company, they have no need to invest in you. This leaves you and your site vulnerable and uninsured if anything happens to it. Some paid SSL Certificates provide a warranty of up to $2,000,000 just in case. Free SSL is a huge risk because even though you would initially save money by going with a free certificate, in the event of a breach, you would be unprotected and could possibly lose much more money than would have been spent on a solid SSL in the first place.
Does Not Support Multiple Domains
A large problem for users wanting to protect more than one site with a single SSL is that free SSL options does not allow for a multiple-domain plan. This would leave your other sites unsecured and vulnerable, and at best the security of the site you chose to “protect” will still be unreliable. However, many paid SSL Certificates do not give you the ability to protect multiple domains either. Generally, the ability to protect more than one site is reserved for a higher-cost package. Protecting multiple domains cannot be expected from a free SSL certificate, and should be reserved for the top tier validation plans. It would be great if a free certificate was able to support multiple domains, but with the lack of authentication and validation, it simply cannot be done.
Your Certificate Will Expire Soon
A dangerous potential risk that a free SSL can present is the fact that they can expire very quickly, and if you are not paying attention, your site may be unprotected. Some free certificates only last as long as one month, a timeframe which can sneak up on website owners. Many paid certificates offer protection for at least a year when you sign up for their plan. SSL Renewals echoes this in their article discussing the difference in validation: “free SSL certificates provided by popular CAs [Certificate Authorities] are issued for 30-90 days. As a result, the website proprietor must renew the certificate every 30-90 days. In the case of paid certificates, they can be issued for a period of 1-2 years.” Constantly being forced to renew your certificate can be a hassle, not to mention the risk of leaving your site unprotected while you scramble to renew your SSL.
One of the features you are giving up when going with a free SSL is the validation process. With paid SSL certificates, there are anywhere from 3 to 9 steps that you must go through to prove ownership of your site. The lack of authentication that free SSL certificates allow does not yield any positive outcomes for your site or its users. Essentially, this means that while you are in control of the domain, the CA still cannot be certain that you are the owner. Free SSL certificates only offer Domain Validation, or DV, whereas paid SSL offer Organization Validation and Extended Validation on top of DV. The problem with this is that DV is extremely restricted in what it can handle, and if you are hoping for versatility in your security, that is not what you will get with a free DV SSL.
It Is Unsafe, At Best
The prospect of a free SSL is exciting, and in an ideal world, it would be a great option. Unfortunately, it is just too good to be true. While using a free SSL does not cost you monetarily, it costs you security and positive UX. Most SSL Certificates go for around $100 at the lowest level. That is a good chunk of change, so it cannot be logical to expect the same amount of protection for no cost. As far as security goes, Datamation wrote an article discussing the dangers of free SSL Certificates, in which they said “even though identity isn’t actually verified at the same level as a green bar https website, most site visitors won’t really know the difference. This is terrifying and we should be concerned about this. What most people don’t realize is that a secure connection to an untrustworthy website doesn’t mean it’s safe to use.” They make a compelling point in saying that most users are not aware of the difference in levels of SSL.
It Affects Search Engine Optimization
SEO can also be affected by using a free SSL on your site. SEOblog states that, in regards to the relationship between SSL and SEO, “I would generally never recommend a free SSL certificate for any business that wants to take SSL seriously… There are simply too many risks associated with free shared SSL certificates for me to feel comfortable telling you to use one” writes article author James Parsons. It is important to remember that SSL certificates don’t just protect your site, but also play a large part in marketing your domain to search engines. Google has announced that they are now taking the security of websites into consideration when ranking them. Since free SSLs are only available in the form of DV, they will take a back seat to sites equipped with EV and OV. This drawback leads to a lower search ranking, which equals poorer SEO. One of the main focuses for your site should be on SEO, so purchasing a reliable SSL certificate is a great way to maximize your searchability.
Now, that was a lot of information. Don’t get me wrong, the idea of a free SSL certificate is amazing, and it would be incredible if those certificates were able to offer the same validation and protection that paid certificates did. But unfortunately, that is not the case as of now. If you are in a pinch, a free SSL can help you out temporarily, but it is not recommended for permanent use due to the risks above.