Take a course or start your CPD log

Share

Getting a SSL certificate ready before launch: should you use Let's Encrypt?

Let's Encrypt is a fantastic initiative that gives you a free SSL certificate (secure certificate) for your website. This means your site can run on httprather than http, a great step for security, customer confidence and SEO.

However, for Let's Encrypt to issue you a free SSL certificate, you need your website to be running on it's correct domain. Well that's easy right? No. There's actually a major time when this isn't easy - when you're launching a new replacement website. By "replacement website" I mean you already have a website running on a domain name, and you're making a new site on new hosting for that domain. In this case, you'll probably have your website running on a staging domain - such as staging.yourbwesite.com - yourname.yourdeveloper.com.

There's also the times when you're moving hosting - meaning your website might be staying the same, but it's a new hosting account which whill ultimately house your existing website and domain.

If you found this article helpful, get more of this by joining our mailing list.

In either case, you'll need your old website or old hosting to be running with your existing domain right up until the moment of switch over, when you want your new website and/or new hosting up and running seamlessly.

In these situation you've got 2 choices.

1) You could launch your site on your new hosting without a secure certificate and as soon as it's launched and therefore running on it's correct domain, set up the SSL. In theory this should only be a few minutes but in those few minutes Google may tell your visitors that your site isn't secure. If you don't get much traffic then this probably really isn't a big deal as it's quite possible no one will even see the Google warning in those few minutes. But if you get a lot of traffic, then you might not like this approach as you don't want to give your visitors a bad impression, even if it is only briefly. 

2) So instead you could buy and set up a SSL certificate that isn't from Let's Encrypt. This is the way we always had to do it before Let's Encrypt existed. These cost from around £30 to hundreds of pounds depending on the level of security you want, and can take a bit of setting up from your developer if they need to install it for you on the server and make it actually "work". For a big busy website, these costs are quite minimal in the grand scheme of things and it's an import step towards a smooth re-launch or server move. But for smaller sites, it's an unnceccessary expense. Of course if you do opt for this approach, you could just buy the cheapest certificate available and switch to Let's Encrypt once your site is live so you don't have annual certificate costs.

So there you go - just something to be aware of in advance of your re-launch and something to discuss with your web developer / client so you have a smooth plan in place that everyone is happy with.

Lisa
by Lisa

Lisa has been planning, designing and building websites for companies of all sizes for over 18 years. Nowadays you'll mainly find her wireframing and then designing complex sites over at 18a to make sure they flow well to give the user the best possible experience whilst providing great ROI for the client. She also teaches SEO (search engine optimisation).

Photo: Franck

Would you like to give your digital knowledge a boost? Join our mailing list.