We now offer free SSL certificates from Let’s Encrypt

Our hosting customers can now get free SSL certificates to secure their site.

What’s an SSL certificate? It activates the “padlock” icon for your site in a Web browser, showing that the connection is encrypted for security. You should use an SSL certificate if your visitors type sensitive data such as usernames, passwords or credit card numbers, because it ensures that “hackers” can’t intercept that data.

SSL certificates used to cost a lot of money, but an organization called Let’s Encrypt is now providing them for free, trying to encourage the widespread use of encryption on the modern Internet.

We believe that encryption should be widely available, so we’ve changed our SSL certificate system to provide free Let’s Encrypt certificates to our hosting customers. You can get one now in our “My Account” control panel.

What’s changed?

SSL certificates need to be “signed by” a company that’s trusted by all the major browser manufacturers. Because it takes years to start a company and get trusted, the companies that have been doing it for a long time have an oligopoly that allows them to charge significant fees for the certificates.

Until now, when one of our customers needed an SSL certificate for a secure site, we had to buy it from one of those companies and pass along the fee — and the fee is high enough to discourage most people. That’s one of the reasons most small sites on the Internet don’t use SSL encryption.

Let’s Encrypt (sponsored by Google, Mozilla, the Electronic Frontier Foundation and others) is trying to change that. They’ve partnered with an existing widely-trusted signing company to give away free certificates to anyone.

Expanded access to SSL certificates is a great benefit to our customers, so it was an easy decision to switch to Let’s Encrypt.

How can I get an SSL certificate?

You can add a free Let’s Encrypt certificate using our “My Account” control panel. We handle the certificate installation and all the technical details for you.

I already have an SSL certificate. What will happen when it expires?

If you have an existing paid SSL certificate that you’ve previously purchased from us, you’ll probably want to switch it to a free Let’s Encrypt certificate when it expires. We’ll notify you about 50 days before then, asking what you want to do. (If you don’t reply, we’ll switch you to a Let’s Encrypt certificate instead of letting the existing one expire.)

Let’s Encrypt certificates will be renewed automatically as long as you have hosting service with us. You won’t need to do anything to renew them.

Do free certificates include a dedicated IPv4 address?

Not by default. We used to include a dedicated IPv4 address with an SSL certificate, because the special IP address was needed to make the certificate work for visitors using very old browsers and operating systems released before 2007 (notably Internet Explorer 6 and Windows XP, which don’t support a modern SSL/TLS feature called Server Name Indication).

However, there are fewer and fewer visitors like that nowadays. In addition, those old browsers and operating systems have bugs that prevent them from working with Let’s Encrypt certificates even if the site does have a dedicated IP address, so using one doesn’t help (see update about this below). Most importantly, though, there simply aren’t enough IPv4 addresses available anymore.

Because of that, we don’t provide dedicated IP addresses by default for Let’s Encrypt SSL certificates, or for newly ordered AlphaSSL certificates. If you do need a dedicated IP address for some other reason, they’re available for an extra fee.

(If you already have a free dedicated IP address from an existing SSL certificate, and you continue using the same type of certificate instead of switching to Let’s Encrypt, we’ll continue providing the dedicated IP address at no extra charge.)

Are there any disadvantages to Let’s Encrypt certificates?

Let’s Encrypt certificates are suitable for almost all sites.

A small number of customers may still want a paid “AlphaSSL” certificate (which we still offer if you want one). In particular, a paid certificate has these features not available with a free Let’s Encrypt certificate:

  • It can be installed for your site even if the hostname doesn’t yet point at our servers;
  • It can be made to work with slightly older browsers, notably Internet Explorer on Windows XP (if you also sign up for a dedicated IP address) (see update below); and
  • It can be made to work for “wildcard” subdomains, where you don’t need to specify the list of possible subdomains in advance.

If you need one of those features, contact us. But if you don’t, a free Let’s Encrypt certificate should do the job.

Update March 25, 2016: This post was updated to indicate that Let’s Encrypt certificates now work with Windows XP if your site has a dedicated IP address, just like AlphaSSL certificates.