SSL / TLS certificates & HTTPS
Also known as: HTTPS, certificate
The technology behind the padlock — it encrypts the connection between your visitor and your site so nobody in between can read or alter it.
In plain English
HTTPS (the padlock in the address bar) means the connection is encrypted. A TLS certificate is the ID card that proves your site is really who it says it is and sets up that encryption. Without it, browsers warn visitors away and search engines rank you lower.
Certificates also expire — if yours lapses, visitors hit a scary full-page warning, so it's worth monitoring the expiry date.
How to fix / set it up
- Install a valid certificate (Let's Encrypt is free and auto-renews).
- Redirect all HTTP traffic to HTTPS and fix any mixed-content warnings.
- Monitor the expiry date and add HSTS once HTTPS is solid.
The technical detail
Serve everything over HTTPS with a valid, in-date certificate whose hostname matches, a complete chain, a strong key and a modern TLS version (1.2+). Free certificates from Let's Encrypt auto-renew; pair HTTPS with HSTS to prevent downgrades.
FAQ
What's the difference between SSL and TLS?
TLS is the modern version of the old SSL protocol; people still say “SSL certificate” out of habit, but it's TLS under the hood.
Is a free certificate good enough?
Yes — a free Let's Encrypt certificate provides the same encryption as a paid one for most sites.