Fernside Studio
Background
Archive
Journal Entry

SSL Certificate: What It Is & Why You Need One

Documented
Capacity
6 MIN READ
Domain
Website Performance & Ops

SSL is why some websites start with “https://” and show a padlock icon, while others say “http://” and trigger a “Not Secure” warning in the browser bar. If your site doesn’t have SSL in 2026, you’re losing trust, rankings, and sales every single day. Here’s what it is and how to fix it.

What SSL Actually Is (One Sentence)

SSL encrypts data between your website and your visitor’s browser so nobody can intercept it in transit. That’s why banks, payment pages, and login forms use it. But in 2026, every site needs it, not just ones handling credit cards.

The technical version: SSL (Secure Sockets Layer, now technically called TLS) creates an encrypted tunnel between the server and the browser. Any data that passes through (form submissions, login credentials, even which pages someone visits) is scrambled and unreadable to anyone who might intercept it.

But you don’t need to understand the cryptography. You need to understand why not having it hurts your business.

Why You Need SSL (Even If You Don’t Take Payments)

1. Google Penalises Sites Without It

Google confirmed in 2014 that HTTPS is a ranking signal. In 2026, it’s not a bonus. It’s a baseline requirement. Sites without SSL are actively pushed down in search results. If you care about SEO at all, SSL is non-negotiable.

2. Browsers Warn Visitors Away

Chrome, Safari, Firefox, and Edge all display “Not Secure” warnings for HTTP sites. Some show a full-page warning that visitors must click through. This is the equivalent of a sign on your shop door saying “WARNING: This business might not be safe.” Visitors leave. Conversion rates plummet.

3. It Looks Amateur

In 2026, SSL is standard. Every legitimate business site has it. Not having it signals to visitors that your site is outdated, unmaintained, or potentially compromised. It’s like having a business card with a Hotmail address. Technically functional, but it undermines trust immediately.

HTTP vs HTTPS: What’s the Difference?

  • HTTP = HyperText Transfer Protocol. Data sent in plain text. Anyone on the same network (coffee shop WiFi, for example) can theoretically read what’s being transmitted.
  • HTTPS = HTTP + Secure. Data is encrypted. Even if intercepted, it’s unreadable scrambled text.

The ‘S’ is the entire difference. Check your site right now:

  • https://yoursite.co.uk = You have SSL. Good.
  • http://yoursite.co.uk = You don’t. Fix it today.

How to Check If You Have SSL

Takes 3 seconds:

  1. Open your website in Chrome or Safari
  2. Look at the address bar
  3. Padlock icon + https:// = SSL is active
  4. “Not Secure” warning or http:// = No SSL

You can also click the padlock (or warning) to see certificate details: who issued it, when it expires. If it’s expired, your site shows warnings even though you technically “have” SSL.

How to Get SSL (And What It Costs)

Free SSL (What Most SMBs Need)

Most modern hosting providers include SSL certificates at no extra cost:

  • Cloudflare Pages: Free SSL, auto-renewing, zero configuration
  • Netlify: Free SSL via Let’s Encrypt, automatic
  • Kinsta / WP Engine: Free SSL included with managed WordPress hosting
  • Squarespace / Wix / Shopify: SSL included in your subscription

These use Let’s Encrypt certificates, which are free, trusted by all browsers, and they auto-renew so you never have to think about expiry.

Premium SSL certificates (from DigiCert, Comodo, etc.) offer extended validation, meaning your company name appears in the browser bar. Only necessary for:

  • Large ecommerce sites processing high-value transactions
  • Enterprise businesses where the extra trust signal matters
  • Regulated industries (finance, healthcare) that require specific certificate types

For 99% of small businesses, free SSL is identical in security to paid SSL. The encryption is the same. Don’t pay for something you get free.

If Your Host Doesn’t Include SSL, Switch Hosts

Any hosting provider still charging separately for basic SSL in 2026 is running an outdated operation. It’s like a phone company charging extra for voicemail. The market has moved on.

If you’re paying £50-100/year for an SSL certificate on top of your hosting, you’re overpaying. Switch to a host that includes it (Cloudflare Pages, Netlify, any modern managed host). The migration effort pays for itself in year one.

What Happens After You Add SSL

Once SSL is active, your site switches from http:// to https://. Two things need to happen:

Set Up Redirects

Anyone visiting http://yoursite.co.uk should automatically get sent to https://yoursite.co.uk. Most modern hosts handle this automatically. If yours doesn’t, you need a redirect rule (your developer can add this in 5 minutes).

Without redirects, you effectively have two versions of your site, one secure, one not. Google sees this as duplicate content, and visitors who type your URL without “https://” get the insecure version.

If your site’s internal links point to http:// URLs, update them to https:// or use relative paths. Mixed content (a secure page loading insecure resources) triggers browser warnings even with SSL active.

Test Everything

After enabling SSL:

  • Visit every page and check for warnings
  • Test your contact forms (they should still submit correctly)
  • Check images and scripts load without “mixed content” errors
  • Verify your redirect works (type http://yoursite.co.uk and confirm it sends you to https://)

The Bottom Line

SSL is not optional in 2026. Without it:

  • Google ranks you lower
  • Browsers warn visitors away
  • You look unprofessional
  • Form data is transmitted insecurely

With it:

  • Everything works as visitors expect
  • You rank normally
  • Trust is maintained
  • Your site is genuinely more secure

If your site shows “Not Secure” right now, fix it today. Every hour it stays that way is costing you traffic and trust.

Fernside sites include SSL by default via Cloudflare Pages: automatic, free, always on, auto-renewing. You never think about certificates or security configurations. If your current site has SSL issues or your host is charging you for basics, let’s talk about moving you to modern infrastructure.

Say hello

Quick intro