SSL & Certificates

There's no free SSL certificate valid for 1 year in 2026. Let's Encrypt offers 90-day certs (free, unlimited). Maximum paid validity is now 200 days and dropping to 47 days by 2029.

HTTP sends data in plaintext. HTTPS encrypts everything. Compare speed, security, SEO impact, and browser behavior — with a clear migration path for HTTP sites.

Need HTTPS on subdomains? Compare your 3 options: wildcard certificate, SAN certificate, or separate certificates for each subdomain. Includes cost and complexity comparison.

Test your SSL certificate and server configuration with free online tools. SSL Labs, SSL Shopper, crt.sh, and command-line checks — what each tool does and when to use it.

ACME (RFC 8555) is the protocol that automates SSL certificate issuance. Learn how ACME works step by step, the challenge types, and how GetHTTPS uses it in your browser.

When a private key is compromised, the certificate must be revoked. Learn how revocation works (OCSP, CRL, OCSP stapling), its limitations, and why short-lived certificates are replacing it.

Certificate Transparency (CT) logs record every publicly-issued SSL certificate. Learn how CT works, how to monitor your domain for unauthorized certificates, and how to use crt.sh.

Chrome 154 will enable HTTPS-First by default in October 2026. HTTP sites will show a full-page warning. Learn what this means, who's affected, and how to prepare.

Forward secrecy means every TLS connection uses a unique key. Even if your server's private key is compromised, past conversations can't be decrypted. Learn how it works and how to ensure it's enabled.

Not sure which SSL certificate to get? Use this decision guide. Covers DV vs OV vs EV, single vs wildcard vs multi-domain, free vs paid, and recommendations for every scenario.

HSTS tells browsers to always use HTTPS. Learn how to configure HSTS, what max-age to use, when to add preload, and the risks of getting it wrong.

Mutual TLS requires both server AND client to present certificates. Learn how mTLS works, when to use it (API security, zero trust), and how it differs from regular HTTPS.

Quick reference for the most common OpenSSL commands: check certificate expiry, verify chains, generate keys, convert formats, and debug TLS connections.

Public key cryptography uses a key pair — one public, one private — to secure HTTPS connections. Learn how asymmetric encryption, digital signatures, and key exchange make SSL/TLS possible.

Self-signed certificates trigger browser warnings. CA-signed certificates are trusted automatically. Learn when each is appropriate, how to create both, and why free CA certificates make self-signed obsolete for production.

Google confirmed HTTPS as a ranking signal in 2014. But how much does it matter? Real data on SSL's SEO impact, the 'Not Secure' warning effect, and what to do about it.

Current best practices for SSL/TLS configuration: protocol versions, cipher suites, HSTS, OCSP stapling, key management, certificate lifecycle, and security headers.

SSL certificates range from free (Let's Encrypt) to $500+/year (EV). Compare real prices from every major CA, understand what you're paying for, and why free certificates have the same encryption.

Yes, but with limitations. Let's Encrypt doesn't support IP addresses. Learn which CAs do, the alternatives, and why domains are almost always the better choice.

SSL/TLS encrypts web traffic (HTTPS). SSH encrypts remote server access. They use similar cryptography but serve completely different purposes. Here's how they differ.

SSL is deprecated. TLS is what actually secures the web. Learn the full history from SSL 2.0 to TLS 1.3, the technical differences, why we still say 'SSL', and what you need to do (probably nothing).

TLS 1.3 is the current encryption standard — faster handshake, mandatory forward secrecy, no legacy algorithms. Learn what changed from TLS 1.2, how to enable it, and whether you should force it.

HTTPS encrypts the connection between your browser and a website. Learn how HTTPS works, the TLS handshake, HTTP vs HTTPS differences, performance impact, and how to enable it for free.

An SSL certificate is a digital file that authenticates a website and enables encrypted HTTPS connections. Learn what's inside a certificate, how it works, how to get one for free, and why every site needs one.

How browsers verify SSL certificates through a chain from root CA to intermediate CA to your certificate. Learn why chain order matters and how to fix 'certificate not trusted' errors.

Compare ECC (ECDSA P-256) and RSA (2048/4096-bit) certificates. ECC keys are smaller and faster. Learn why GetHTTPS defaults to ECC and when RSA still makes sense.

Understand PEM, PFX/PKCS#12, and DER certificate formats. Learn which format your server needs and how to convert between them with OpenSSL.

A visual walkthrough of the TLS handshake — how your browser and a server establish an encrypted connection in milliseconds. Covers TLS 1.2, TLS 1.3, session resumption, and forward secrecy.

A multi-domain SAN certificate secures multiple different domains in one certificate. Learn how SAN works, when to use it vs wildcard, and how to get one with GetHTTPS.

Compare Domain Validation (DV), Organization Validation (OV), and Extended Validation (EV) SSL certificates. Learn the differences in verification, cost, and when you actually need each type.

The CA/Browser Forum voted to reduce SSL certificate validity to 47 days by 2029. Learn the timeline, what it means for your website, and how to prepare.

A Certificate Authority signs SSL certificates to prove a website's identity. Learn how CAs work, the trust model, major CAs, and why Let's Encrypt changed the industry.

A CSR is a message sent to a Certificate Authority to request an SSL certificate. Learn what a CSR contains, how it's generated, and why GetHTTPS handles it automatically.

Let's Encrypt is a free, nonprofit Certificate Authority that has issued over 1 billion SSL certificates. Learn how it works, its rate limits, and how to use it with GetHTTPS.

A wildcard certificate (*.example.com) secures all subdomains with one certificate. Learn how wildcards work, their limitations, and how to get one for free.