How to get the green padlock of SSL certification on my website?

Surely you have noticed that a green padlock sometimes appears in the address bar of your browser. If you use Google Chrome, you will see the phrase “It’s safe” next to it.

Red and green padlocks

However, there are times when you have seen a gray circle appear with an “i” inside it, and when you hover over it or click it, a drop-down window appears informing you that “Your connection to this website is not secure” in red letters. What’s more, sometimes you will have seen a red padlock with a warning message next to it. In this case, often times the browser won’t let you see the webpage and instead display a huge message with a red warning sign. It’s always better for UX to have the green padlock of a proper SSL certification.

All these messages indicate various situations in which the websites that we are trying to access are found:

Green padlock

It means everything is working properly, the website has the SSL security certificate installed. The https: // should appear next to the URL of the web. It is safe.

Gray circle with an “i” inside

Although the website is not dangerous, we have to be careful if sensitive data such as a password, a credit card number, etc. are entered. If we look at it, the url does not show https:// but rather http://. This means that the website does not send encrypted data, so when any data is sent, it can be intercepted by malicious actors who may keep our password or payment details. Sometimes the https: // appears but the “i” also appears inside the circle, this may be because none or only some of the URLs on the web are https. In that case you must force all URLs to be https://.

Red padlock

Sometimes a red padlock and https also appear in red and crossed out in the address bar. This means that the site is not safe or even dangerous. Don’t even think about entering private information here. What’s more, you should avoid that site just to be safe.

What is an SSL security certificate?

An SSL certificate is a trust measure that consists of encrypting the data that is sent from our computer to the server where the webpage is located where we are going to buy our favorite product or the concert tickets of our favorite group.

We see that a website has an SSL security certificate installed when a green padlock appears in the browser’s address bar and https: // in the same color in front of the address of the web page. This indicates that the information that is sent through the internet is almost impossible to be received, viewed or modified by another person.

Let’s Encrypt

Before it was difficult to see this type of security, since you had to contract with expensive certified hosting companies that are still available today, although at a lower price. But relatively recently this changed as the Linux Foundation created Let’s Encrypt.

Let’s Encrypt is a free and open Certificate Authority (CA) that provides two types of certificates:

  • Standard individual SSL, which covers the individual domain.
  • SSL Wildcard, which covers all its subdomains in addition to the individual domain.

When a Let’s Encrypt certificate is issued, it is issued for a period of 90 days and is automatically renewed.

Can I put the green padlock on my website?

Yes, as long as it is offered by your hosting company for free through Let’s Encrypt or through other types of certification. But Let’s Encrypt is enough. In case your web hosting company does not have this security certificate, think about packing your bags and taking your website to another hosting.

How do I know if my hosting has SSL certification?

Look for it among their services, look in your cPanel or Plesk panel or ask the technical service directly. Some of the companies that do offer it are the following:

  • Bluehost
  • SiteGround
  • DreamHost
  • Hostinger
  • WPEngine

From the control panel of your hosting you can install the SSL Let’s Encrypt certificate, entering the email of the certifier, which can be your web administrator or yourself, and then you must pass your website to SSL. That is, you have to do two things:

  1. Modify all old internal links as they still link to the old unsecured version. We could do this by modifying the database, but it is better to do it with a plugin if we are on WordPress. I use Really Simple SSL.

  2. We have to avoid that the URLs can be accessed with the version without SSL. That is, there cannot be two versions of the pages (in http and in https), since Google would interpret it as duplicate content, that is, two different URLs with the same content. For this we have to modify the .htaccess file, located in the root directory where the web is hosted. This code that we must add is the following:

# Force every URL to use https  
RewriteEngine On  
RewriteCond %{HTTPS} off  
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]

Sometimes it can happen that a 301 error (ERR_TOO_MANY_REDIRECTS) occurs, in that case this code will have to be used.

# Force every URL to use http (when an error 301 occurs)  
RewriteEngine On  
RewriteCond %{ENV:HTTPS} !on [NC]  
RewriteCond %{SERVER_PORT} 80  
RewriteRule ^(.*)$ https://yourdomain.com/$1 [R=301,L,NE]

If this is too complicated for you because you don’t have enough technical knowledge, I can help you install the SSL certificate on your website. Do not doubt to get in touch with me.

Benefits of having the green security padlock

That your website is in https has a series of benefits, but the main ones are:

  1. Trust. When a user enters your website and sees the green padlock, he feels more secure. What’s more, Google Chrome added the words “It’s safe” to the side some time, and that unconsciously reassures.
  2. Security. The information that is entered in any form on your website will be encrypted, so it cannot be modified or read by anyone. This, if you have an e-commerce, is essential to avoid later problems because someone’s card number is stolen.By the way, this is not so crazy, it is enough that it is in an open Wi-Fi network of any cafeteria and buy through your web (if it is not secured with SSL) so that anyone can get the card details. Who is going to protest is you, and you have a problem.
  3. SEO. Since last year, Google has already included SSL certification as a ranking factor in its algorithm. That is, the search engine will favor (other things being equal) a website with https over another with http.

Read also: Importance of cybersecurity in SEO strategies.