Using SSL on Your Website

SSL (secure socket layer) certificates are used to provide a layer of security for your website visitors and data transactions, such as when a customer purchases something through your website with a credit card, or submits confidential or personal information.

With SSL, the connection between a user’s web browser and your website are securely encrypted, making it extremely difficult for a third party to intercept and steal that information. Websites protected by SSL are accessed with https:// appearing at the start of the address bar, versus http://. Also, a green padlock or similar identifier will appear in or near the address bar of your browser window when accessing a website hosted under SSL.

In late 2014, Google announced that websites indexed through its popular search engine would be given priority ranking if they were encrypted with SSL. In 2016, Google began actively penalizing websites not encrypted. The message is clear: If website owners want to appear on Google search results, those websites need to be secured with SSL.

Canvas Host offers several types of SSL certificate services. The level of SSL you need depends entirely on its intended purpose and whose connections need to be protected.

SSL Certificates: With or without a Static IP?

A static IP address uniquely identifies the address of your website on the Internet, completely separate from any other IP addresses, or the main, shared IP address, used by the other hosting accounts on the same server you are hosted on.

Traditionally, SSL certificates would require that a hosting account have a static IP address. And, only one SSL certificate could be installed to function on that IP address. We used to call this a 1:1:1 ratio: 1 Cpanel account, with 1 static IP address, and 1 SSL certificate. If you need any extras of any of those, a separate, additional hosting account would be required.

That’s no longer the case. Recent technology enhancements in the Cpanel hosting environment added support for SNI (server name identification), a TLS (transport layer security) extension that would enable a server to support multiple SSL certificates using the same IP address. This means that theoretically, static IP addresses would no longer be needed, and that anyone wishing to use SSL could simply install a certificate on their account, or multiple certificates if their account hosted multiple domain names, all without a static IP address.

There’s one catch: Windows operating systems as recent as Windows 7, but mostly XP and older, do not support SNI, so any SSL certificates installed via SNI may not function. Browsers may display errors for website visitors using those Windows operating systems. Other operating systems, like iOS or Android, support SNI and are not an issue, but they only represent a portion of the market.

For this reason, we recommend a static IP address be used for a live production website or e-commerce service.

Static IP addresses are in decreasing supply, and the cost for a Static IP in our Shared or WordPress hosting space is $5/month. For resellers, the price is $3/month per Static IP address. Static IPs can be ordered by contacting our Sales team, at sales@canvashost.com, or by opening a ticket in our Support system.

Free, Let’s Encrypt SSL Certificates with AutoSSL

By default, our shared, WordPress, and reseller hosting service lines include AutoSSL, a technology that automatically registers, installs, and renews SSL certificates issued by Let’s Encrypt, a third-party provider. These certificates rely on SNI, and are free. In fact, there’s nothing you need to do in order to use AutoSSL. From the time you open a hosting account with Canvas Host, each of the domain names in that hosting space will have AutoSSL generated and assigned.

AutoSSL is useful if you want secure access to webmail (with the address being https://webmail.yourdomain.com, with “yourdomain.com” being the actual domain you are hosting with us), or configure your smartphone to connect securely to your mailserver (at yourdomain.com) versus using the server hostname, which can be something like servername.canvashost.com, and not appear to have any relationship to your actual domain.

AutoSSL certificates satisfy Google’s SEO requirements, so even if you don’t transact commerce or confidential information, it is still recommended that you ensure your website is accessible and broadcasting its address under SSL.

At the same time, AutoSSL certificates do not include a warranty of any kind, so if someone were to break the security and somehow steal data or credit card transaction details, you would be personally liable for that breach. For this reason we do NOT recommend AutoSSL’s use of Let’s Encrypt SSL certificates for a live production website or e-commerce service.

AutoSSL is NOT available in our PCI-Compliant hosting environment.

Paid GeoTrust SSL certificates

The next step up is a paid SSL certificate. Canvas Host offers a range of certificates, and included in the costs are installation, reissuance, renewals, and ongoing technical support.

For a list of available SSL certificates, please visit:

https://www.canvashost.com/e-commerce/ssl-certificates.php

What’s next?

After installing the SSL certificate, you may need to make changes to your website, in order for it to function properly when accessed securely at https://. Please see this knowledgebase article for more information:

Converting a non-SSL Website to SSL