What can I do to pay less for SSL?

You no longer need an IP address for each site. There are two possibilities.

You could get one subject alternative name (SAN) certificate that covers all your domains. SAN certificates have 100% modern browser support. This single certificate can be hosted on a dedicated IP address with virtual hosts for all your sites. This is a decent option if your hosting company uses an older version of Apache that doesn't have SSL virtual hosting.

You could also get separate certificates for each domain and host them with server name indication (SNI). SNI is basically virtual host configuration for SSL. SNI has 99.9% modern browser support and is starting to be widely used. It requires Apache v2.2.12 and OpenSSL v0.9.8j (or anything later) to be installed on your server.

As for the cost of the certificates themselves, you can get free certificates using LetsEncrypt.org. They work by issuing a certificate for any site that you can prove you own through an automated process that places a file they give you into a well known location on your web server. Their certificates don't work for all cases though:

  • LetsEncrypt only offers the most basic certificates (level 1) that do the minimum checking of validity. You won't get the green bar that requires a level 4 certificate.
  • LetsEncrypt doesn't support wildcard subdomains
  • LetsEncrypt certificates expire in 3 months, meaning that you have to have automated processes in place to renew them (cron jobs)
  • LetsEncrypt requires that you are able to run their software on your host. They have a program called "certbot" that issues and renews certificates. It can reconfigure your web server setup and place the well known files in your document root.

LetsEncrypt works best when your hosting company supports it. It is a pain to set up, so hosting companies are often doing that work for you now. It is built-in to common hosting interfaces such as cPanel.


All you have to do is find a host that offers free Lets Encrypt SSL certificates. There are loads of them, including my business that I will refrain from promoting here.

Tags:

Https

Web Hosting

Domains

Security Certificate

Related

Gmail suspicious link message on my email links Should stop words such as "and" and "in" be omitted from URLs for SEO? Google Search Console alert: Harmful content - Uncommon Downloads Is there any regulation on the yearly renewal price of a domain under a premium TLD? Microdata & JSON-LD Conflict on the same page or not? Best way to add a custom font to my site? Is incorrect to have the HTTPS version of the sitemaps.org URL in the xmlns sitemap schema? When the root URL of a domain doesn't have a specific site, how should visitors be directed to language folders? How to implement WordPress in a subdirectory, hosted on a different server? Pages or posts for reference site Is Facebook mining passwords from my website? How to overcome the situation of having lack of content and not updating regularly?

Recent Posts