Overview
The following explains why SSL certificates are important for safe browsing, how to add or renew one, and a few things to consider when using them.
Reasons to add an SSL certificate
The following provides a few important explanations on why you should consider adding an SSL certificate to your domain.
Ensures a secure connection
While it's not required to add an SSL certificate, it's highly recommended that you add one to your domain. Adding an SSL certificate to your domain allows it to be accessed over a secure connection using the HTTPS protocol. This encrypts the data transmitted between a visitor's web browser and your website, ensuring all data transmitted back and forth is safe and secure.
Prevents browser warnings
Nowadays, all sites should use an SSL certificate because modern web browsers (such as Google Chrome) display a Not Secure warning if a certificate is not installed when visited.
As time goes on, more and more browsers will require SSL certificates to view your site, so it's recommended that you at least add a free Let's Encrypt certificate to your site.
Strengthens eCommerce sites
Any Comodo certificate issued after January 2019 references Sectigo as the certificate authority, while any certificate issued prior to this date references Comodo. Both names refer to the same company.
Most often, SSL certificates are used with eCommerce websites that sell products/services over the Internet. The SSL certificate is needed to protect the privacy of a visitor's/customer's transmission of personal, confidential, financial, or billing (credit card) information when making a transaction on a website. For these types of sites, only a paid Sectigo certificate is recommended.
Boosts search ranking
Search engines like Google will rank your site slightly higher if it has an SSL certificate.
How to add and renew an SSL certificate
The following describes how to add or renew an SSL certificate on your domain.
See this article for more information about the different types and prices of certificates DreamHost offers.
Adding an SSL certificate
See this article for an overview of how to add different types of SSL certificates to your domain.
Renewing an SSL certificate
All SSL certificates expire. For example, a paid Sectigo certificate is good for one year after you purchase it. At the end of that year, you must renew it to continue protecting your site.
Let's Encrypt certificates expire every three months; however, they are configured in the DreamHost panel to auto-renew.
No matter what type of certificate you own, it's important to always keep it active and never let it expire.
Considerations and caveats
The following are a few things you should be aware of before purchasing an SSL certificate.
.dev and .app domains force HTTPS by default
-
The .dev and .app domains are both owned by Google. As part of Google's initiative to secure website connections, .dev and .app domains force HTTPS by default.
Wildcard certificates
-
The SSL certificates that DreamHost offers through Sectigo or Let's Encrypt do not support wildcard-type (*.example.com) SSL certificates. This means each domain/subdomain that you set up Secure Hosting on requires its own SSL certificate.
Please note that if you attempt to add your own Wildcard certificate, technical support cannot assist in any way with any errors that may occur.
Traffic is not encrypted by default
-
Adding an SSL certificate to your domain does not automatically encrypt all connections since a visitor can still use HTTP to connect to your site.
For example, if you go to HTTP://example.com, your traffic is not encrypted. Any directory you access under that domain while using HTTP in the URL is also not encrypted. However, if you use https://example.com, your traffic is encrypted, as is any directory you access.
Note the s in https. The s character confirms the URL is secure.
To encrypt all traffic, you must add a configuration file to your site. This will force all connections to only use HTTPS when connecting. See this article to learn more about how to force your site to use HTTPS for all connections.
There are a few extra steps for WordPress sites. See this article instead if your site is running WordPress.
A Unique IP is not required to use an SSL certificate
-
In the past, Unique IPs were needed for older browsers that did not support Server Name Indication (SNI), however, this is no longer the case. For more information, please see this Wikipedia link on SNI.