SSL/TLS Certificates: Securing Your Domain

SSL/TLS certificates are the foundation of HTTPS — the secure, encrypted communication protocol used by all modern websites. When a user visits your site over HTTPS, their browser verifies your certificate and establishes an encrypted connection. Without HTTPS, data is transmitted in plain text and can be intercepted.

What a Certificate Does

  • Encryption: Establishes an encrypted channel — data transmitted cannot be read by third parties on the network
  • Authentication: Verifies that the server is who it claims to be — preventing man-in-the-middle attacks where an attacker impersonates your site
  • Trust: Browsers display a padlock for HTTPS sites and warnings for HTTP sites — affecting user trust and conversion rates

Certificate Types

  • Domain Validated (DV): Verifies control of the domain only — the most common type for web applications. Issued automatically by Let's Encrypt in seconds.
  • Organisation Validated (OV): Verifies the organisation's legal identity in addition to domain control — appropriate for corporate sites
  • Extended Validation (EV): Most rigorous validation — previously displayed the organisation name in green in browser bars, but most browsers have removed this visual distinction
  • Wildcard certificates: Cover a domain and all its subdomains (*.example.com) — useful for services with many subdomains

Let's Encrypt and Automatic Renewal

Let's Encrypt provides free, automated DV certificates. We use it for all applications where DV certificates are appropriate, with automatic renewal configured via the ACME protocol — certificates renew before expiry without manual intervention. Certificate expiry causing downtime is entirely avoidable with proper automation.
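
A check for the failure the paragraph above rules out, added here as an example and not taken from this article or from Let's Encrypt: it flags a certificate that is still being served past the point where automation should have replaced it. The one-third renewal point (`RENEW_FRACTION`), the function names and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption: the ACME client renews once less than a third of the
# certificate's lifetime remains; adjust to match your client's setting.
RENEW_FRACTION = 1 / 3


def fetch_cert(host, port=443, timeout=5.0):
    """Return the validated leaf certificate as the dict from getpeercert()."""
    ctx = ssl.create_default_context()  # verifies chain and hostname
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def renewal_status(cert, now=None):
    """Classify a certificate as OK, RENEWAL_OVERDUE or EXPIRED."""
    now = now or datetime.now(timezone.utc)
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    remaining = not_after - now.timestamp()
    days_left = int(remaining // 86400)
    if remaining <= 0:
        return "EXPIRED", days_left
    # Past the renewal point with the old certificate still being served:
    # the automation has failed or the server was not reloaded.
    if remaining < (not_after - not_before) * RENEW_FRACTION:
        return "RENEWAL_OVERDUE", days_left
    return "OK", days_left


# Constructed sample in getpeercert() format (not a real certificate).
SAMPLE_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "notBefore": "Jan  1 00:00:00 2025 GMT",
    "notAfter": "Apr  1 00:00:00 2025 GMT",
}

if __name__ == "__main__":
    for day in ("2025-02-01", "2025-03-15", "2025-04-02"):
        now = datetime.fromisoformat(day).replace(tzinfo=timezone.utc)
        print(day, renewal_status(SAMPLE_CERT, now))
```

Run `renewal_status(fetch_cert(host))` from a scheduler for each served hostname and alert on anything other than `OK`; a connection that fails validation in `fetch_cert` raises `ssl.SSLError` and should alert as well.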
