Guide

What Is an SSL Certificate and Why Does Your Website Need One?

If you’ve ever noticed a padlock icon in your browser’s address bar, you’ve seen an SSL certificate at work. SSL — Secure Sockets Layer — is the technology that encrypts the connection between a website and its visitors, ensuring that any data passed between them can’t be intercepted by third parties.

Despite the name, modern websites actually use TLS (Transport Layer Security), an updated and more secure version of SSL. The term "SSL certificate" has stuck, however, and is still used universally. Every reputable website should have one — and if yours doesn’t, it’s costing you trust, rankings, and potentially customers.

How SSL Certificates Work

An SSL certificate is a small data file that binds a cryptographic key to an organisation’s details. When a visitor’s browser connects to your website, the server presents its SSL certificate. The browser verifies that the certificate is valid and issued by a trusted Certificate Authority (CA), and the two then establish an encrypted connection using a process called the TLS handshake.

The result is that all data transmitted between the browser and the server — form submissions, login credentials, payment details, personal information — is encrypted. Even if someone were to intercept the data in transit, they would see only meaningless encrypted gibberish rather than readable information.

SSL certificates are issued by trusted Certificate Authorities — organisations like Let’s Encrypt, DigiCert, Comodo, and Sectigo. Your browser and operating system maintain a list of trusted CAs, and only certificates from these authorities are displayed with the padlock icon.

Types of SSL Certificate

There are three main types of SSL certificate, differentiated by the level of validation the CA performs before issuing them. Domain Validation (DV) certificates simply verify that you control the domain. They’re the most common type and are often free via services like Let’s Encrypt. They provide encryption but don’t verify any information about the organisation behind the site.

Organisation Validation (OV) certificates require the CA to verify the legal existence of the organisation. Extended Validation (EV) certificates involve the most rigorous vetting process. EV certificates used to display the company name in a green bar in the browser, though most modern browsers have scaled this back — the padlock icon looks the same regardless of certificate type.

For most small business websites, a free DV certificate from Let’s Encrypt is entirely adequate. E-commerce sites and financial services providers may wish to consider OV or EV certificates for the additional trust signal they provide to customers.

Why Every Website Needs an SSL Certificate

Google has flagged HTTPS as a ranking signal since 2014. While it’s a relatively minor factor compared to content and links, all else being equal, an HTTPS site will outperform an HTTP equivalent. More significantly, Google Chrome marks all HTTP sites as "Not Secure" in the address bar — a visible warning that undermines visitor trust immediately.

If your site collects any data from visitors — contact form submissions, email newsletter sign-ups, user accounts, payment details — you have a legal obligation under UK GDPR to protect that data in transit. An SSL certificate is a fundamental part of meeting that obligation.

Free SSL certificates are available from Let’s Encrypt and most reputable web hosts will install and auto-renew them for you. There is genuinely no good reason for a website in 2024 to still be running on HTTP.

FAQs

Common questions.

Is an SSL certificate free?
Yes — free SSL certificates are widely available through Let’s Encrypt, a non-profit Certificate Authority. Most reputable web hosting providers include free SSL certificates and handle automatic renewal. Paid SSL certificates offer additional features and higher validation levels but are not necessary for most websites.
How do I know if my website has an SSL certificate?
Check your website’s URL in a browser. If it starts with https:// and shows a padlock icon, your SSL certificate is active. If it starts with http:// or your browser shows a "Not Secure" warning, you don’t have one installed or it may have expired.
How long does an SSL certificate last?
SSL certificates have a maximum validity of 398 days (about 13 months). Let’s Encrypt certificates are issued for 90 days and are designed to be renewed automatically. Many hosting providers handle this renewal automatically — if yours doesn’t, you’ll need to renew it manually before it expires to avoid your site showing security warnings.
Related guides

More on web design & ux.

Want a hand putting this into practice?

Book a free, no-obligation consultation with a Norwich-based specialist.

Book a free consultation
Get started

Let's put your business in a better light.

Book a free, no-pressure consultation. We'll talk through your goals and tell you honestly what we'd do — whether you work with us or not.

  1. 01
    Tell us a bitFill in the form — two minutes, tops.
  2. 02
    We'll call you backWithin one working day, no pressure.
  3. 03
    Get a clear planHonest advice and a fixed quote.

Free · No obligation · We reply within one working day

Book a free consultation