Crawlsonar
Security

SSL / TLS certificates & HTTPS

Also known as: HTTPS, certificate

The technology behind the padlock — it encrypts the connection between your visitor and your site so nobody in between can read or alter it.

In plain English

HTTPS (the padlock in the address bar) means the connection is encrypted. A TLS certificate is the ID card that proves your site is really who it says it is and sets up that encryption. Without it, browsers warn visitors away and search engines rank you lower.

Certificates also expire — if yours lapses, visitors hit a scary full-page warning, so it's worth monitoring the expiry date.

How to fix / set it up

  1. Install a valid certificate (Let's Encrypt is free and auto-renews).
  2. Redirect all HTTP traffic to HTTPS and fix any mixed-content warnings.
  3. Monitor the expiry date and add HSTS once HTTPS is solid.

SSL / TLS Checker

The technical detail

Serve everything over HTTPS with a valid, in-date certificate whose hostname matches, a complete chain, a strong key and a modern TLS version (1.2+). Free certificates from Let's Encrypt auto-renew; pair HTTPS with HSTS to prevent downgrades.

FAQ

What's the difference between SSL and TLS?

TLS is the modern version of the old SSL protocol; people still say “SSL certificate” out of habit, but it's TLS under the hood.

Is a free certificate good enough?

Yes — a free Let's Encrypt certificate provides the same encryption as a paid one for most sites.

Related

← All topics in the knowledge base