Jump to content
MDDHosting Forums

Isn't an SSL certificate impossible for a site on a shared server?


Recommended Posts

Google (and Firefox and EFF) have long encouraged "HTTPS everywhere" to protect web travelers from unsafe sites. Google now says it will by default give "https" URLs preferred weight in searches: http://googlewebmastercentral.blogspot.com/2015/12/indexing-https-pages-by-default.html


It is my impression that:

- Acquiring an https URL for a site involves SSL certification.

- Acquiring SSL certification is expensive.

- Acquiring SSL certification is impossible for a site on a shared server.


My site is simple-minded: a blog plus an About page (and, yes, error pages 400, 401, 403, 404, 500; and a sitemap). No commerce. Nonetheless, Wordpress presents a "search" when a tag is "not found"so that's a form and I suppose could deserve encryption...


I'm no SSL heavyweight. But I'd like site visitors to be and feel safe, and I'd like not to cripple my SEO. Advice?

Link to comment
Share on other sites

- The certification required for basic ssl is only that you are who you say you are and that you own the domain.
- SSL certificates can be expensive depending on what you choose. Our certificates start at $35 a year. However, there are other sources that you can purchase a certificate from that you can use. As long as you can add the certificate using the SSL/TLS wizard in cPanel you can use it.
- SNI was added to the ssl specification quite a few years ago. SNI provides the ability to have a unlimited number of SSL sites on the same IP. So it is a myth that it is impossible or requires a dedicated IP on modern servers.


If you desire you can even take a simpler route. Just put your site behind cloudflare. Then you can let cloudflare do all the work on getting the basic SSL needs met. You can find details on how they handle SSL here: https://blog.cloudflare.com/introducing-universal-ssl/

  • Upvote 1
Link to comment
Share on other sites

  • 2 weeks later...

We have just installed our SSL certificate on a shared server, it was a bit of hassle but well worth it. Certificates don't have to be expensive if you are not selling products. Word of advice though, if you cover all access points like forms, anywhere where the user can input information, make sure those url's are served as https then you have covered your bases for safe data transactions. Google should not penalise you for not having an https home page UNLESS there is a user interface on that homepage, or any type of form that can be filled out and sent.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...