SSL/TLS secures the connection between your visitors’ browsers and your server. With HTTPS in place, logins, forms and cookies travel over an encrypted channel, users don’t see scary “Not secure” warnings, and your brand benefits from higher trust, better conversions and stronger SEO signals. This guide explains in plain English why SSL matters, which certificate type to choose, how to decide between Let’s Encrypt and a paid certificate, and three practical ways to enable SSL on Unihost infrastructure: via cPanel, via Certbot on Linux, or as a fully managed service by our team.
SSL/TLS in a nutshell
Although people still say “SSL”, modern implementations rely on TLS. The idea is simple: browser and server negotiate encryption, then all traffic flows through a secure channel. The browser validates the site certificate — the issuer, validity period and the domain it was issued for. If everything checks out, the connection shows a lock icon and the page is loaded over HTTPS.
A certificate contains the public key and domain data and is signed by a trusted Certificate Authority (CA). For proper operation you must also present the intermediate certificates (the CA chain). Run TLS 1.2/1.3, disable legacy TLS 1.0/1.1, and use HTTP/2 or HTTP/3 to improve performance, especially on mobile networks.
Certificate types and scope
By validation level:
- DV (Domain Validation) — proves control of the domain. Fast and usually automated; ideal for blogs, landing pages and SMEs.
- OV (Organization Validation) — verifies company details; good for corporate portals and partner areas.
- EV (Extended Validation) — extensive vetting for stricter compliance or higher reputation requirements.
By domain coverage:
- Single‑domain — protects one FQDN (e.g., www.example.com).
- SAN / multi‑domain — protects several different domains under one cert.
- Wildcard — covers subdomains at one level: *.example.com.
Let’s Encrypt vs paid certificates
Let’s Encrypt issues free DV certificates with a 90‑day validity and automated renewal. Strengths: zero direct cost, speed, automation at scale. Limitations: DV only, no brand site seal or warranty.
Paid certificates (DV/OV/EV) add organization validation, warranties and brand trust features that may be required by partners or internal policies. Rules of thumb: DV for content sites and MVPs; OV/EV for e‑commerce and corporate portals; wildcard or SAN when you manage many subdomains.
Three ways to enable SSL on Unihost
cPanel installation
- Obtain your files: site certificate (CRT), private key (KEY) and the CA‑bundle.
- Upload/install them under **cPanel → Security → SSL/TLS**.
- Enable an HTTP→HTTPS redirect in the web server or with your CMS plugin.
- Verify CN/SAN, validity period and that browsers show a secure lock without warnings.
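The CN/SAN and validity check from the last step can be scripted. The following is an added example, not Unihost tooling: it works on the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns, uses a constructed sample certificate, and assumes a 30-day renewal threshold.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert();
# names and dates are illustrative, not taken from a real certificate.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com")),
    "notAfter": "Apr  1 00:00:00 2025 GMT",
}


def san_names(cert):
    """Return the lower-cased DNS names from the subjectAltName extension."""
    return [v.lower() for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]


def name_covers(pattern, host):
    """True if one SAN entry covers host; '*' matches exactly one leftmost label."""
    p_labels = pattern.lower().split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False  # *.example.com covers neither example.com nor a.b.example.com
    if p_labels[0] == "*":
        return bool(h_labels[0]) and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def days_left(cert, now):
    """Whole days until notAfter (negative once the certificate has expired)."""
    ts = ssl.cert_time_to_seconds(cert["notAfter"])
    return (datetime.fromtimestamp(ts, timezone.utc) - now).days


def check(cert, host, now, renew_before_days=30):
    """Return a list of problems for host; an empty list means no issue found."""
    problems = []
    if not any(name_covers(p, host) for p in san_names(cert)):
        problems.append(f"{host} not covered by SAN {san_names(cert)}")
    remaining = days_left(cert, now)
    if remaining < 0:
        problems.append(f"expired {-remaining} days ago")
    elif remaining < renew_before_days:  # threshold is an assumption of this example
        problems.append(f"expires in {remaining} days; renewal has not run")
    return problems
```

Against a live site, the same dictionary comes from `getpeercert()` on a socket wrapped with `ssl.create_default_context()`, which also fails the handshake if the intermediate chain is incomplete.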
Certbot automation (Linux)
- Point DNS A/AAAA to your server and make sure ports 80/443 are open.
- Install Certbot with the nginx/apache or webroot plugin. Use the HTTP‑01 challenge for standard certificates; use DNS‑01 for wildcards.
- Configure automatic renewal via systemd timers or cron; test with --dry-run.
- Add HSTS once HTTPS is stable; keep TLS 1.2/1.3 only; enable HTTP/2/3.
Unihost managed installation
Short on time? Hand it over to our team. We help choose DV/OV/EV, issue the certificate, install the chain, set up redirects and HSTS, and ensure renewals run reliably. This reduces risk, saves engineering hours and keeps your HTTPS healthy.
Common mistakes and how to avoid them
- “Not secure” even after installation — often missing redirects or a domain mismatch. Ensure users land on the https URL and that the cert covers the right CN/SAN.
- Mixed content — https pages load http resources (images, scripts, styles). Fix hard‑coded URLs in templates/DB and purge CDN caches.
- Missing intermediates — without the CA‑bundle some clients can’t build the trust chain.
- Renewal failures — challenge not reachable on port 80, wrong webroot, DNS drift or permissions.
- Legacy protocols/ciphers — disable TLS 1.0/1.1; enable OCSP stapling; prefer modern cipher suites.
- HTTP/2/3 disabled — enable in your web server/panel and reload services.
Security, performance and SEO
HTTPS strengthens user trust and acts as a positive ranking signal. After migration, update canonical tags, sitemaps and redirects, and verify that analytics/pixels work over https. HTTP/2/3, ALPN and TLS session reuse improve performance. Combine them with compression and caching to minimize the overhead of encryption.
FAQ
Q: Do I need SSL if I don’t process payments?
A: Yes — it protects forms and cookies and increases trust and conversions.
Q: Wildcard or SAN?
A: Wildcard for many subdomains under one domain; SAN when you manage several distinct domains.
Q: Why only 90 days for Let’s Encrypt?
A: That’s by design; with auto‑renewal it’s not an issue.
Q: When should I pick OV/EV?
A: When partners or policies require company validation or you need maximum brand assurance.
Conclusion and next step
SSL is a baseline standard. On Unihost you can enable it yourself via cPanel, automate it with Certbot, or get a managed installation. We’ll help you pick the right DV/OV/EV option, set up HSTS and HTTP/2/3, and keep renewals smooth so your site is secure, fast and search‑friendly.