Google has announced that in Chrome version 68 sites that do not contain a valid SSL certificate will get marked as “not secure”. Google brings this change in their efforts to create a more secure internet and increase the adoption of HTTPS encryption. Chrome 68 is expected to be released by the end of July.
What is HTTPS?
Whenever you visit a site data is transferred over the HTTP protocol between your browser and the website. With HTTPS data sent between your browser and the site is encrypted, adding an additional layer of security.
With an SSL certificate (needed for HTTPS) the web server where your site runs stores a public and private key. These keys are used for encryption. The public key is what your browser uses to encrypt data that it sends to the site. Only the private key stored on the web server can decrypt the data your browser sent to the site.
Why Do I Need HTTPS?
When you browse the internet through HTTP your browser sends data unencrypted, in plain text. This poses the risk of your data being intercepted and read by someone else. This is particularly dangerous when passing information to sites such as credit card numbers and login information. With HTTPS your data is encrypted so that even if a hacker was to intercept your connection, your data would still stay encrypted and secure.
If you’re accessing your banking site you want to know that your data is secure. While using HTTPS won’t guarantee the security of your personal info, it’s a step forward in that direction.
How Do I Obtain an SSL Certificate?
To obtain an SSL certificate which is necessary for HTTPS you have several options. We’re going to list some free and paid options available and our recommendations.
If you use CloudFlare, then you can get a free SSL certificate from them. However, CloudFlare offers shared certificates which are not as secure as a full SSL certificate. CloudFlare has the option to bring your own certificate or if you’re paying for CloudFlare you can get a dedicated certificate.
If you want a full SSL certificate you can always purchase one from sites that sell them and most of the time the place where you bought your domain will also sell SSL certificates. Most people opt out of this option because you have to pay for the certificate yearly and costs can pile up.
The next option is one for those that want a full SSL certificate without breaking the bank.
Started in 2016, Let’s Encrypt provides free and automated SSL certificates. Let’s Encrypt certificates are trusted and used by many sites today. If you want to use a Let’s Encrypt certificate you need to make sure that your webhost supports it first. Or if you have a VPS you can install Let’s Encrypt without support from your host. In terms of installation, it is very simple to install a Let’s Encrypt certificate. Some webhosts will even offer a tool to install and renew the certificate for you as we do at Wurpe. And if you’re on a VPS you can use the Let’s Encrypt certificate bot which will guide you through configuring the certificate.