What can I do to pay less for SSL?

You no longer need an IP address for each site. There are two possibilities.

You could get one subject alternative name (SAN) certificate that covers all your domains. SAN certificates have 100% modern browser support. This single certificate can be hosted on a dedicated IP address with virtual hosts for all your sites. This is a decent option if your hosting company uses an older version of Apache that doesn't have SSL virtual hosting.

You could also get separate certificates for each domain and host them with server name indication (SNI). SNI is basically virtual host configuration for SSL. SNI has 99.9% modern browser support and is starting to be widely used. It requires Apache v2.2.12 and OpenSSL v0.9.8j (or anything later) to be installed on your server.

As for the cost of the certificates themselves, you can get free certificates using LetsEncrypt.org. They work by issuing a certificate for any site that you can prove you own through an automated process that places a file they give you into a well known location on your web server. Their certificates don't work for all cases though:

  • LetsEncrypt only offers the most basic certificates (level 1) that do the minimum checking of validity. You won't get the green bar that requires a level 4 certificate.
  • LetsEncrypt doesn't support wildcard subdomains
  • LetsEncrypt certificates expire in 3 months, meaning that you have to have automated processes in place to renew them (cron jobs)
  • LetsEncrypt requires that you are able to run their software on your host. They have a program called "certbot" that issues and renews certificates. It can reconfigure your web server setup and place the well known files in your document root.

LetsEncrypt works best when your hosting company supports it. It is a pain to set up, so hosting companies are often doing that work for you now. It is built-in to common hosting interfaces such as cPanel.

All you have to do is find a host that offers free Lets Encrypt SSL certificates. There are loads of them, including my business that I will refrain from promoting here.