SSL Certificates Explained: Free vs Paid, DV vs EV

If you've ever bought hosting, somebody, somewhere, has tried to sell you an SSL certificate. The pitch usually involves words like "premium" and "extended validation" and a price that would buy you a decent dinner.

Here's the truth: for most websites, free SSL is exactly as secure as paid SSL. The encryption is identical. What you pay for is validation, support, and occasionally insurance — none of which the typical small business actually needs.

What an SSL certificate actually does

An SSL certificate (technically TLS, but everyone still says SSL) does two things:

• Encrypts the data flowing between a visitor's browser and your server.
• Confirms that your server really is who it says it is.

The little padlock in the browser bar means both of those checks passed.

The three validation levels

Where certificates differ is in how thoroughly they verify who you are.

• DV (Domain Validated): proves you control the domain. Issued in minutes by automated checks. Free from Let's Encrypt, ZeroSSL, and most hosts.
• OV (Organisation Validated): the certificate authority verifies your business exists. Takes a few days, costs maybe $50–150/year.
• EV (Extended Validation): the most rigorous, with documentation and a phone call to your company. Used to show the company name in green in the address bar — but browsers stopped doing that years ago.

Free SSL is real SSL

Let's Encrypt has issued literally billions of certificates since 2015. They use the same encryption, are trusted by the same browsers, and don't expire any differently (well, they expire every 90 days instead of every year, but renewal is automatic — you'll never notice).

If anyone tells you free SSL is "less secure," they're either misinformed or trying to sell you something.

When paid certificates make sense

There are real use cases for paid SSL — they're just narrower than you'd think:

• Wildcard certificates covering *.yourdomain.com if you have many subdomains. Let's Encrypt does free wildcards too, but DNS validation can be fiddly on some hosts.
• OV/EV certificates for financial services, banks, or sites where the legal certificate liability matters.
• Multi-domain (SAN) certificates covering many unrelated domains in one cert.
• Long-validity guarantees in environments where automated renewal is awkward.

The myths that won't die

• "Paid SSL ranks higher on Google." No. Google ranks based on whether you have HTTPS, not who signed your certificate.
• "Paid SSL is faster." No. Once a TLS handshake completes, performance is identical.
• "Free SSL gets revoked." No. Let's Encrypt has been around for over a decade and isn't going anywhere.

How to set up free SSL

On any modern host — including us — you don't have to do anything. SSL is provisioned automatically the moment your domain points to our servers. The certificate auto-renews every 60 days. If yours doesn't, that's a sign your host is stuck in 2014.

If you're running your own server, Certbot from the EFF handles Let's Encrypt issuance and renewal in a single command.

For roughly 95% of websites, the right answer is "free SSL, set up automatically." Anyone trying to sell you more should be able to explain exactly which of the narrow use cases above applies to you.

If you're still on plain HTTP in 2026, fix it today. Browsers now actively warn visitors that your site is "not secure," and Chrome shows a strikethrough on insecure pages. It costs nothing to switch on, and there's no downside.