What is an SSL Certificate, and Does My Site Need a Paid One?

November 28, 2025
Written By Neil Batchelor

As a Technical Director specialising in WordPress and web hosting, I help businesses succeed online by boosting website visibility and performance through effective on-site and off-site SEO.


It is the most recognized symbol on the internet: a tiny padlock next to your web address.

That padlock tells your visitors, “You are safe here.” It means the connection between their computer and your website is encrypted, so anyone intercepting the traffic in between cannot steal passwords or credit card numbers.

But if you have ever shopped for web hosting, you have likely seen confusing upsells:

  • “Add Premium SSL for £50/year!”
  • “Secure your site with PositiveSSL for £29.99!”

This leaves most beginners asking a simple question: “My host offers a free SSL. Is it good enough, or do I need to pay for a ‘real’ one?”

In this guide, we will cut through the sales jargon. We will explain what SSL actually does, why Google forces you to have it, and why—for 99% of websites—you should never pay a penny for it.

The Basics: What is SSL/TLS?

SSL stands for Secure Sockets Layer. (Technically, it has been replaced by TLS, or Transport Layer Security, but everyone still calls it SSL.)

How It Works (The Envelope Analogy)

Imagine sending a letter through the post.

  • HTTP (No SSL): You write your letter on a postcard. Anyone handling the mail—the postman, the sorting office, the neighbour—can read exactly what you wrote.
  • HTTPS (With SSL): You put your letter inside a locked, steel briefcase. Only the person with the key (the recipient) can open it. Everyone else just sees a locked box.

When you install an SSL certificate, your website moves from http:// to https://. The “S” stands for Secure.

Why You Need It (It’s Not Just for Shops)

Ten years ago, you only needed SSL if you were taking credit card payments. Today, every website needs it.

  1. Google Chrome Warning: If you don’t have SSL, Chrome displays a scary “Not Secure” warning next to your URL. This destroys visitor trust immediately.
  2. SEO Ranking: Google officially boosts the rankings of secure sites. If you want to be found, you need HTTPS.
  3. GDPR Compliance: If you collect any data (even just an email address on a contact form), UK law requires you to protect that data. SSL is the baseline for this.

The Great Debate: Free vs. Paid SSL

This is where hosting companies try to trick you. They will tell you that “Free” SSLs are less secure. This is a lie.

The encryption is identical.

A free SSL certificate from Let’s Encrypt uses the exact same 256-bit encryption standard as a £200 certificate from DigiCert or Comodo. A hacker cannot crack a free certificate any more easily than a paid one. The “Steel Briefcase” is just as strong.

So, what are you actually paying for? Verification and Insurance.

The 3 Levels of Validation

1. Domain Validation (DV) – The “Free” Standard

  • What it proves: You own the domain name.
  • How you get it: Automated. You upload a file or add a DNS record.
  • Cost: Free (via Let’s Encrypt).
  • Visual: You get the Padlock.
  • Best For: Blogs, Portfolios, Small Businesses, Informational Sites.

2. Organization Validation (OV) – The Middle Ground

  • What it proves: You own the domain and you are a legitimate business.
  • How you get it: Humans verify your business registration (Companies House).
  • Cost: £30 – £100 / year.
  • Visual: You get the Padlock. (Most visitors won’t notice the difference).
  • Best For: Medium businesses who want extra credibility.

3. Extended Validation (EV) – The “Green Bar” (RIP)

  • What it proves: You have undergone strict background checks.
  • How you get it: Extensive paperwork and phone calls.
  • Cost: £100 – £500 / year.
  • Visual: It used to show a “Green Bar” with your company name. However, modern browsers (Chrome/Safari) have removed the green bar. Now, it mostly just looks like a standard padlock.
  • Best For: massive banks or global corporations.

The “Warranty” Myth

Paid SSLs often boast about a “$10,000 Warranty!” This sounds amazing. If you get hacked, they pay you $10,000, right? Wrong.

The warranty only pays out if the encryption itself fails (which is mathematically impossible with current technology) or if the Certificate Authority issues a certificate to a fake version of your site by mistake. It does not cover you if:

  • You get hacked via a weak password.
  • Your site is infected with malware.
  • You accidentally leak customer data.

In the real world, these warranties are almost never claimed. Do not buy an SSL just for the warranty.

When Do You Actually Need a Paid SSL?

For 99% of our readers, the answer is Never. The free Let’s Encrypt certificate included with your hosting is perfect.

The Only Exceptions:

  1. You Need a “Wildcard”: If you have many subdomains (e.g., shop.site.com, blog.site.com, mail.site.com), setting up free SSLs for all of them can be fiddly. A paid “Wildcard SSL” covers *.site.com in one go. (Though Let’s Encrypt supports wildcards now, paid ones are sometimes easier to manage on legacy hosts).
  2. Your Host Doesn’t Support Free SSL: Some budget hosts deliberately make it hard to install free certificates to force you to buy their paid ones.
  3. Enterprise Requirements: If you are building a website for a bank or government agency, their internal compliance rules might demand an OV/EV certificate.

How to Install Your Free SSL (Let’s Encrypt)

If you are using cPanel (which we recommend), installing SSL is a one-click job.

  1. Log in to cPanel.
  2. Scroll down to “Security”.
  3. Click “SSL/TLS Status” (or sometimes “Lets Encrypt SSL”).
  4. Select your domain name.
  5. Click “Run AutoSSL”.

The system will verify your domain and install the certificate. It usually takes 5–10 minutes. Once done, try visiting your site with https:// at the start. If you see your site, it worked!

Troubleshooting: The “Not Secure” Error (Mixed Content)

You installed the SSL, but the padlock isn’t showing? Or maybe it shows a “Grey” padlock with a warning?

This is usually caused by Mixed Content. It means your website loads securely over HTTPS, but an image or script on the page is still loading over the old HTTP insecure connection.

The Fix:

  1. Install a Plugin: Download “Really Simple SSL” (Free).
  2. Activate It: It will scan your site and automatically force all images to load over HTTPS.
  3. Check Settings: Go to Settings > General on WordPress. Ensure your “WordPress Address” and “Site Address” both start with https://.

The above works well and will get your mixed content fixed quickly. However, fixing it at the server level is a better option. Not sure how? Reach out to your web host.

Conclusion

Let’s be crystal clear: You do not need to pay for SSL in 2025.

The “Free” SSL certificates provided by Let’s Encrypt are secure, trusted by Google, and sufficient for everything from personal blogs to WooCommerce stores.

If your web host tries to charge you £50 for an SSL certificate, take it as a red flag. They are selling you a free product at a premium markup.

Secure your site, get your padlock, but keep your wallet closed.


Donate

With that said, 100% of the funding for Let’s Encrypt comes from charitable contributions.

So if you are in a position to, please consider a donation: https://letsencrypt.org/donate/


You have chosen a host, moved your site, and secured it. Now, you need a way to manage it all. Next up: How to Choose a Control Panel: cPanel vs. Plesk Explained.
