3 types of certificates DreamHost offers
You can add three different types of certificates in your DreamHost panel:
- Free self-signed certificate
- Free 'Let's Encrypt' certificate
- Paid Comodo certificate
The differences in these are explained below.
Free Self-signed certificate
You have the option to create a free self-signed certificate for your domain. These are secure, but since they are self-signed (and not signed by a trusted authority), a warning message appears in the browser when visiting the site.
Potential customers might be discouraged by a certificate warning/error message and may not wish to do business with your site when they see this. If you intend to do business over the Internet, especially if you're going to handle electronic transactions, then DreamHost strongly recommends that you purchase a signed certificate for your domain.
You can add a self-signed certificate by adding Secure Hosting to your domain on the (Panel > 'Domains' > 'Secure Hosting') page. View the following article for further details:
Free Let's Encrypt SSL certificates
Let's Encrypt is a Certificate Authority (CA) that offers FREE SSL certificates that are just as secure as current paid certificates, although a paid certificate is still recommended for e-commerce sites since 'Let's Encrypt' certificates do not offer 'Organizational Validation'. This project was pioneered to make encrypted connections the default standard throughout the Internet.
View the following articles for further information:
Paid Professionally-signed certificate ($15/year)
As mentioned above, a self-signed certificate throws a browser warning when visiting the site. If you have a customer facing site, or more importantly, a site that handles sensitive information such as passwords and credit card data, a paid Comodo certificate is highly recommended.
Paid certificates show no browser warnings and offer additional information in the certificate to ensure its authenticity. For example, these certificates include Organizational Validation (OV) which gives your users more peace of mind to ensure the certificate was correctly issues to a legitimate organization.
If you’d like to purchase a professionally-signed certificate, view the following article
What type of certificate should I use for my e-commerce site?
You can use either a 'Let's Encrypt' or professionally-signed 'Comodo' certificate for your e-commerce website. Both use an RSA 2048 bit key to encrypt the connection, so the security is the same for both options.
What's the difference?
The primary difference is the type of validation. 'Let's Encrypt' certificates are 'Domain Validated' (DV). This means the domain is only validated by 'Let's Encrypt' based on the domain name itself. No further credentials need to be provided to obtain this type of certificate.
A paid 'Comodo' certificate offers 'Organization Validation' (OV). This can be thought of as a step up in validation as this requires the business/organization that is requesting the certificate to be validated first. After validation, the certificate then includes the organization's name in the certificate information. This additional validation can appear more trusting to customers, which is why this type is recommended for e-commerce sites.
A Unique IP address is NOT required to enable Secure Hosting. However, if you plan to use an eCommerce application it's strongly recommend that you add a Unique IP address to provide maximum compatibility with older Internet browsers.
For more information about Unique IP addresses (including instructions for adding one to your domain), take a look at the Unique IP article.