While most site owners only need a free SSL certificate, like Let’s Encrypt, some hosts are being super slow to get on the ball with supporting it. Discover what’s going on and what you need to check at your host before converting your site.
UPDATED 8/25/17 – A few more hosts are now offering free SSL, finally.
Why So Slow to Adopt Free SSL?
The short answer is, overhead.
The overwhelming majority of site owners do not need a paid SSL certificate because they are not taking payments directly on their site.
But regardless of what type of certificate site owners need, hosts have an overhead cost for the process of issuing and activating an SSL certificate for the domain.
That process is costing them a boatload of money and overwhelming support man hours due to the increased demand for free certificates.
cPanel to the Rescue
cPanel only recently rolled out support for AutoSSL, which makes it easier for hosts to offer and support free SSL certificates.
That support is crucial for two main reasons:
- Issuing and activating the certificate
- Auto renewing the certificate
Hosts who are on the ball with the latest cPanel changes have begun to turn on Let’s Encrypt for all new accounts by default.
(FYI, the are also setting them to PHP7 too, which might make older plugins break.)
And they now include an Let’s Encrypt icon in cPanel, so existing clients can turn it on at will.
All of this is drastically reducing their support overhead for the initial setup.
Auto Renewal is the Key
But what makes all this possible is the behind-the-scenes support of auto-renewal. Let’s Encrypt, and other free SSL certificates have to be renewed every 90 days.
An auto renewal system is the only way hosts can afford to support free certificates without causing even more overhead.
So, even if a host agrees to install and activate a free certificate you go out and get yourself, it will not be auto-renewed.
Yeah, clients are going to remember to do that every 89 days, right? NOT!
Why the Adoption Delay?
The new cPanel version is being rolled out in stages, mainly on new servers. And hosts have to expend a lot of man hours to upgrade older servers.
They also have to coordinate this with a new version of Apache on any servers that use that OS
So, this is like changing the tires while the car is flying down the highway while avoiding any hiccups to existing clients on those older servers.
Some hosts don’t use cPanel, which is a brand of app for a control panel that has a friendly interface for users.
I have no idea what those poor folks are having to go through to offer SSL of any kind.
Check Before You Flip
You know you need to jump on the HTTPS bandwagon.
You’ll want to check to see what types of SSL certificates your host supports first.
If you want to go with a free SSL, and your host doesn’t support it, then you have 3 choices.
- Get a paid certificate that your host does support
- Wait for your host to support free SSL
- Move to host that supports free SSL now
It’s still early in the HTTPS game. You might just want to wait until either your host supports free SSL or your contract term is up with them.
But, if you want to make the flip now, most hosts offer a prorated refund for any time you have remaining with them.
Which Hosts Don’t Offer Free SSL
To date, these are the hosts that don’t support free SSL:
- Bluehost – UPDATE – now offers a proprietary free SSL, plus low-cast SSL via Comodo
- HostGator
- HostMonster
- A Small Orange
Note that all of the above are owned by EIG.
- GoDaddy
- InMotion Hosting
- Synthesis – UPDATE – now offers Let’s Encrypt
Note that Synthesis is the hosting for Genesis’ Rainmaker platform, and likely the hosting for the new StudioPress Sites too.
If you know of more hosts, leave a comment and I’ll add them to the list.
Ready to Get Your Site Converted?
Just because SSL is turned on at your host doesn’t mean your site is HTTPS ready.
There’s a LOT to converting a site.
Get help from a pro to make your conversion easy.