SSL certificates overview

Overview

Adding an SSL certificate to your domain allows it to be accessed over a secure connection using the HTTPS protocol. This encrypts the data transmitted between a visitor's web browser and your website, ensuring all data transmitted back and forth is safe and secure.

Why add an SSL certificate to my domain?

Avoiding browser warnings

These days, all sites should use an SSL certificate due to the fact that modern web browsers (such as Chrome) display an 'insecure' message if a certificate is not installed when visited.

As time goes on, more and more browsers will require SSL certificates to view your site, so it's recommended that you at least add a free 'Let's Encrypt' certificate to your site.

E-commerce sites

On November 1, 2018, Comodo announced that the company is rebranding to Sectigo. For more information about this, please see the following announcement at Sectigo's website:

Any Comodo certificate issued after January 2019 will reference Sectigo as the certificate authority, while any certificates issued prior to that will still reference Comodo. These are still the same company, and the only difference is the name.

Most often, SSL certificates are used with e-Commerce websites that sell products/services over the Internet. The SSL certificate is needed to protect the privacy of a visitor's/customer's transmission of personal, confidential, financial, or billing (credit card) information when making a transaction on a web site. For these types of sites, only a paid Sectigo certificate is recommended.

Search ranking boost

Search engines like Google will rank your site slightly higher in results if it has an SSL certificate. 

What are the different types of certificates?

SSL certificates differ in the way they are validated. For example:

  • DV (Domain validation)
  • OV (Organization validation)
  • EV (Extended validation)

View the following article for more information about these differences:

Adding an SSL certificate to your domain

View the following article for an overview on how to add different SSL certificates to your domain:

Continually renewing your SSL certificate

All SSL certificates expire. For example, a paid Sectigo certificate is good for one year after you purchase it. At the end of that year, you must renew it to continue protecting your site.

Let's Encrypt certificates expire every three months, however they are configured in the DreamHost panel to auto-renew.

No matter what type of certificate you own, it's important to always keep it active and never let it expire.

Considerations and caveats

The following are a few things you should be aware of before purchasing an SSL certificate.

Wildcard certificates

The SSL certificates that DreamHost offers through Sectigo or Let's Encrypt do not support wildcard-type (*.example.com) SSL certificates. This means each domain/subdomain that you set up Secure Hosting on requires its own SSL certificate. 

Please note that if you attempt to add your own Wildcard certificate, technical support cannot assist in any way with any errors that may occur.

Traffic is not encrypted by default

Adding an SSL certificate to your domain does not automatically encrypt all connections since a visitor can still use http to connect to your site.

For example, if you go to http://example.com, your traffic is not encrypted. Any directory you access under that domain while using HTTP in the URL is also not encrypted. However, if you use HTTPS://example.com, your traffic is encrypted as well as any directory you access. 

Note the 'S' in HTTPS. The 'S' character confirms the URL is secure.

To encrypt all traffic, you must add a configuration file to your site. This will force all connections to only use https when connecting. View the following article for instructions on how to force your site to use HTTPS for all connections:

There are a few extra steps for Wordpress sites. View the following article instead if your site is running WordPress:

Is a Unique IP required to use an SSL certificate?

No. In the past, Unique IPs were needed for older browsers which did not support Server Name Indication (SNI), however this is no longer the case. For more information, please see this article on SNI.

See also

Did this article answer your questions?

Article last updated PST.