SSL explained: what it is, why it matters, and how it renews

The green padlock in the browser isn't decoration — it's the single indicator that separates a trustworthy site from one customers abandon.

If your website shows http:// instead of https://, or browsers warn "Not Secure" when visitors arrive, you're losing customers and Google ranking. That's not an exaggeration.

This post explains what SSL is, why it became mandatory, and how it's handled properly.

What SSL/TLS is (in plain language)

When a browser visits your site, it sends and receives information (addresses, credit cards, form messages). Without encryption, that information travels in plain text — anyone on the same WiFi can read it.

SSL (Secure Sockets Layer) and its modern successor TLS (Transport Layer Security) encrypt that communication. The result: https:// instead of http:// and the padlock icon in the browser.

Technically, SSL/TLS does 3 things:

  1. Authentication — verifies the server is actually who it claims to be (not an attacker intercepting)
  2. Encryption — nobody between your visitor and your server can read the content
  3. Integrity — guarantees data wasn't modified in transit

Why SSL is mandatory in 2026

1. Google penalizes sites without SSL

Since 2018, Chrome marks http:// sites as "Not Secure" in big letters. Since 2019, Google has treated HTTPS as a direct ranking factor. A site without SSL:

  • Shows a red warning
  • Ranks lower in search results
  • Loses visitor trust instantly

2. Customers don't trust sites without the padlock

Trust studies show 85% of users abandon a site when they see the "not secure" warning. If your contact form lives on an http:// page, the browser specifically warns the user not to submit information.

3. Some browser features only work over HTTPS

  • Geolocation
  • Service Workers (offline apps)
  • Camera/microphone APIs
  • Web payments (Apple Pay, Google Pay)

Without HTTPS, these features simply don't work in modern browsers.

Types of SSL certificates

There are 3 validation levels. Price goes up with level:

Type | Validates | Issue time | Annual cost | When to use
---- | --------- | ---------- | ----------- | -----------
DV (Domain Validation) | That you control the domain | Minutes | $0 (Let's Encrypt) or $10–50 | 90% of sites
OV (Organization Validation) | That the company legally exists | 1–3 days | $80–200 | E-commerce, corporate
EV (Extended Validation) | Deep company validation | 1–2 weeks | $150–500 | Banks, major financials

For most businesses, a free Let's Encrypt DV certificate is enough. Banks need EV. Most don't.

Let's Encrypt vs paid certificates

Let's Encrypt (free):

  • ✅ Completely free
  • ✅ Issued in seconds
  • ✅ Auto-renewal (every 90 days)
  • ❌ DV only (doesn't validate the company)
  • ❌ 90-day cycle (if renewal fails, site breaks quickly)

Paid certificates:

  • ✅ 1-year cycles (less frequent renewal)
  • ✅ OV/EV validation available
  • ✅ Direct technical support
  • ❌ Cost money
  • ❌ You pay, then configure manually or semi-automatically

For softinweb.com and most of our clients, we use Let's Encrypt with automatic renewal. It's the modern standard.

How automatic renewal works

A serious plan sets up:

  1. Cron job that checks certificates every night
  2. 30 days before expiration, attempts automatic renewal
  3. Email notification if renewal fails (so a human can step in)
  4. Automatic backup of the current cert before replacing it

With Let's Encrypt + certbot or acme.sh, this is standard. When it works, it's invisible — your cert renews every 90 days without you doing anything.

When it fails (and sometimes it does), you need someone to fix it before expiration. That's why monitoring is critical.
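A minimal version of the nightly check and failure alert described above, as an added example rather than SoftInWeb's own tooling. The 30-day window comes from the article; the 14-day ALERT_DAYS threshold and the host names passed on the command line are assumptions.

```python
import socket
import ssl
import sys
from datetime import datetime, timezone

RENEW_WINDOW_DAYS = 30  # from the article: renewal is attempted 30 days before expiry
ALERT_DAYS = 14         # assumption: renewal should have succeeded by now, tell a human


def days_left(not_after: str, now: datetime) -> int:
    """Whole days until expiry; not_after is in the format getpeercert() returns."""
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expires - now).days


def classify(not_after: str, now: datetime) -> str:
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "expired"
    if remaining <= ALERT_DAYS:
        return "alert"
    if remaining <= RENEW_WINDOW_DAYS:
        return "renewal-due"
    return "ok"


def check_host(host: str, port: int = 443, timeout: float = 10.0) -> str:
    """Connect as a browser would (chain and hostname verified), then classify expiry."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as exc:
        # Already expired, wrong hostname or a broken chain: the handshake itself fails.
        return f"invalid: {exc.verify_message}"
    except OSError as exc:
        return f"unreachable: {exc}"
    return classify(not_after, datetime.now(timezone.utc))


if __name__ == "__main__":
    # Print only problems: cron mails a job's output to MAILTO, so silence means healthy.
    for host in sys.argv[1:]:
        status = check_host(host)
        if status != "ok":
            print(f"{host}: {status}")
```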

Common errors and how to diagnose them

"Certificate expired"

Renewal cron failed silently. Typically because:

  • Port 80 (HTTP) was blocked and Let's Encrypt couldn't validate
  • A firewall changed
  • The domain now points to another server, and the renewal process wasn't updated to match

How to fix: renew manually with certbot renew, then investigate why the automatic renewal failed.

"Invalid certificate" or "chain error"

The browser downloaded the cert but can't validate the trust chain. Usually because:

  • Intermediate cert is missing on the server
  • The server has certs in the wrong order

How to fix: verify the chain with tools like SSL Labs Test.

"Mixed content"

Your page is HTTPS but loads resources (images, scripts) over HTTP. The browser blocks them. Page looks broken.

How to fix: change all internal URLs to HTTPS, use relative paths (/images/foo.jpg instead of http://yoursite.com/images/foo.jpg).
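To find the offending URLs before a browser does, a page can be scanned for http:// subresources. The following is an added example, not part of the original post; the sample page and the cdn.example.net host are constructed, and only stylesheet links are treated as fetched resources.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Attributes that make the browser fetch a subresource. <a href> is navigation,
# not a subresource, so plain links are not mixed content.
SUBRESOURCE_ATTRS = {"img": "src", "script": "src", "iframe": "src", "audio": "src",
                     "video": "src", "source": "src", "embed": "src", "link": "href"}


class MixedContentScanner(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (line, tag, insecure URL, suggested replacement)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = SUBRESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # simplification: only stylesheet links are treated as fetched
        url = (attrs.get(attr) or "").strip()
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            return  # https://, relative paths and data: URLs are fine
        if parts.hostname == self.site_host:  # internal: use a relative path
            fix = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        else:
            fix = "https://" + url[len("http://"):]
        self.findings.append((self.getpos()[0], tag, url, fix))


def scan(html, site_host):
    scanner = MixedContentScanner(site_host)
    scanner.feed(html)
    return scanner.findings


# Constructed sample page (not from the article).
SAMPLE = """<html><head>
<link rel="stylesheet" href="http://cdn.example.net/site.css">
<link rel="canonical" href="http://yoursite.com/">
<script src="https://cdn.example.net/app.js"></script>
</head><body>
<img src="http://yoursite.com/images/foo.jpg">
<img src="/images/bar.jpg">
<a href="http://example.org/">a plain link</a>
</body></html>"""
```

Calling scan(SAMPLE, "yoursite.com") reports the stylesheet and the internal image, each with its line number and the replacement URL; confirm that a third-party host actually serves the resource over HTTPS before applying the rewrite.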

How to check your SSL is healthy

  1. Visit ssllabs.com/ssltest and enter your domain
  2. You should get a grade of A or A+
  3. If you get C, D, or F, your configuration has serious issues

Run this test at least once a month. SSL isn't "set and forget" — new vulnerabilities appear (POODLE, Heartbleed, BEAST) and configurations have to be updated.

How we handle it

On every site we build at SoftInWeb and for our clients, we set up Let's Encrypt with automatic renewal via Nginx Proxy Manager, expiration date monitoring, and alerts 30 days ahead. If auto-renewal fails, we get an alert and fix it before visitors notice.

If your site shows "not secure" or you're worried SSL is misconfigured, reach out for a free check.
