If you already have a website you may have received an email from your host informing you of Google’s decision to forced SSL on websites this year. (You can recognize sites with SSL since theiraddresses start with https:// instead of http://. (You can see how this website appears in your browser’s address bar for example.)
While your website will still work and be accessible, it does means is that google will begin to flag your website as insecure, displaying as ‘Not Secure’ in the URL bar. Such a display would make business websites appear less professional and clients may be less likely to enter any personal information (like contact forms) on your website.
This is a great move from a security perspective, but for people with websites who are not very technical, this can become a challenge to correct. Some web hosts make this easy, some do not.
For now, this will impact people using the Chrome browser (one of the top 3 browsers). If your website has any form of text input (contact forms, etc) and does not have SSL the above warning will show.
What is SSL and Why is it needed?
I won’t bore you with the technical details. Essentially it encrypts data sent to/from a given website. Without this encryption it is possible for hackers to intercept that information. You would not want to log into your bank without SSL for example, and thus all banks use SSL.
For a coach’s website this on first glance seems less important, but many coaches have their intake forms online, and some of these questions may have personal answers clients would rather not have shared. This information is probably not high on a hacker’s radar but clients should feel confident their information and privacy is being protected. Additionally telling a client not to worry about that scary “Not Secure” error would be like a bus driver telling you not to worry about that check engine light. Sure, if may be nothing, but it still looks disconcerting.
Additionally, chances are you are logging in to your website to manage your pages. This is where hackers become more interested. Websites are constantly being hacked to push malware and create their scams. This is big business and once compromised, it can be very difficult to clean and secure that mess.
How to Add SSL
Unfortunately the installation process will vary with the host, but any decent host will have a way to install the certificate. Some hosts, like SiteGround, even offer the certificates for free.
The general process when the host does not provide the certificate is below. Check with support first to see if they can assist you with this since the process can be confusing.
- Generate a “CSR” which is basically the request for the certificate. It has all the encryption info needed to make the certificate. This step is done from your webhost, usually in the control panel. If you do not see the option check with support.
- Obtain the SSL certificate. This part is done from a service that sells certificates. I tend to use RapidSSL.com since they are rather cheap and I have never had any problems with their certificates. Some providers are more expensive since they offer additional liability protection. If you are processing payments via a 3rd party like Paypal, they already use SSL so you do not need to worry about expensive certificates.
- Install the SSL certificate. In step 2 you will be sent the certificate file, you then would install that certificate on your web host following their instructions.
- Redirect HTTP to HTTPS. This way if someone visits you the insecure way they are seamlessly redirected to the secure way. This can be done a few ways and can quickly get technical. Check with support first to see if they can assist. If you do not do this step some people will visit you securely and some will not, which can get confusing.
Again, always check with support first. The more they can do to assist with the installation the better. Now that Google is taking this initiative more and more hosts are finding ways to simplify the SSL installation process since it can be a bit cumbersome.
If you are starting with a new website, it is recommended you use SSL from the start. This is much easier to do during a fresh install!