Host Autopsy

Free Tool

SSL Certificates Explained: Types, Setup, and Common Mistakes

Everything website owners need to know about SSL/TLS certificates — from free Let's Encrypt to EV certificates. Plus common SSL mistakes and how to fix them.

Why SSL Matters

SSL (technically TLS) encrypts the connection between your visitors and your server. Without it:

  • Chrome shows "Not Secure" in the address bar
  • Google penalizes your search rankings
  • Forms and payment data are sent in plain text
  • Visitors don't trust your site

Types of SSL Certificates

Domain Validation (DV) — Free to $50/year

Proves you own the domain. That's it. Good enough for most websites.

  • Let's Encrypt: Free, auto-renewing, industry standard
  • Cloudflare: Free with their CDN
  • ZeroSSL: Free tier available

Organization Validation (OV) — $50-200/year

Proves domain ownership AND verifies your organization exists. Shows company name in certificate details.

  • Best for: Business websites, SaaS products

Extended Validation (EV) — $100-500/year

The most thorough verification. Used to show a green bar in browsers (no longer the case, but still validates legitimacy).

  • Best for: Banks, e-commerce, government sites

Setting Up SSL

Option 1: Cloudflare (Easiest)

  1. Add your domain to Cloudflare
  2. SSL is automatically enabled — zero configuration
  3. Choose "Full (Strict)" mode if your origin server also has SSL

Option 2: Let's Encrypt + Certbot

sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com

Certificates auto-renew every 90 days.

Option 3: Hosting Provider

Most modern hosts (Vercel, Netlify, Render) provide free SSL automatically. Check your hosting dashboard.

Common SSL Mistakes

Mixed Content

Your page loads over HTTPS, but some resources (images, scripts, CSS) load over HTTP. Fix: ensure all URLs use https:// or protocol-relative //.

Expired Certificates

Set up auto-renewal. Let's Encrypt certificates expire every 90 days — Certbot handles this automatically if installed correctly.

Wrong Domain on Certificate

Your certificate covers example.com but not www.example.com (or vice versa). Always include both when generating certificates.

Redirect Loops

Misconfigured redirects between HTTP and HTTPS. Usually caused by a proxy (like Cloudflare) doing SSL termination while the origin also forces HTTPS.

Test Your SSL

Use our scanner tool above to check your SSL configuration, or visit ssllabs.com/ssltest for a detailed analysis.

Check your own website

Run a free scan to check SSL, DNS, speed, and security headers.

Scan Your Site Free →