Isn't an SSL certificate impossible for a site on a shared server?

[fjpoblam]

Google (and Firefox and EFF) have long encouraged "HTTPS everywhere" to protect web travelers from unsafe sites. Google now says it will by default give "https" URLs preferred weight in searches: http://googlewebmastercentral.blogspot.com/2015/12/indexing-https-pages-by-default.html

 

It is my impression that:

- Acquiring an https URL for a site involves SSL certification.

- Acquiring SSL certification is expensive.

- Acquiring SSL certification is impossible for a site on a shared server.

 

My site is simple-minded: a blog plus an About page (and, yes, error pages 400, 401, 403, 404, 500; and a sitemap). No commerce. Nonetheless, Wordpress presents a "search" when a tag is "not found"so that's a form and I suppose could deserve encryption...

 

I'm no SSL heavyweight. But I'd like site visitors to be and feel safe, and I'd like not to cripple my SEO. Advice?

[ericr]

- The certification required for basic ssl is only that you are who you say you are and that you own the domain.
- SSL certificates can be expensive depending on what you choose. Our certificates start at $35 a year. However, there are other sources that you can purchase a certificate from that you can use. As long as you can add the certificate using the SSL/TLS wizard in cPanel you can use it.
- SNI was added to the ssl specification quite a few years ago. SNI provides the ability to have a unlimited number of SSL sites on the same IP. So it is a myth that it is impossible or requires a dedicated IP on modern servers.

 

If you desire you can even take a simpler route. Just put your site behind cloudflare. Then you can let cloudflare do all the work on getting the basic SSL needs met. You can find details on how they handle SSL here: https://blog.cloudflare.com/introducing-universal-ssl/

[fjpoblam]

I truly thank you, ericr, for your prompt and detailed response. I'll bookmark the cloudflare site, and read your response with great attention so that I may, I hope, understand which path is most appropriate for my blog. You have always been a great help, and I appreciate it.

[SBell]

We have just installed our SSL certificate on a shared server, it was a bit of hassle but well worth it. Certificates don't have to be expensive if you are not selling products. Word of advice though, if you cover all access points like forms, anywhere where the user can input information, make sure those url's are served as https then you have covered your bases for safe data transactions. Google should not penalise you for not having an https home page UNLESS there is a user interface on that homepage, or any type of form that can be filled out and sent.