What’s HTTPS, letsencrypt.org and does my website need this?

HTTPS? what does it mean?

HTTPS means Hypertext transfer protocol over Transport Layer Security (TLS) is an encryption protocol that provides security over computer network. It’s used to ensure that the communications between your website and end users are encrypted. You might have noticed that bank sites you visit always have https in the start on the URL path of your browser.

How to decide if you need HTTPS?

If you store any personal/sensitive data, and this is shown on your website when user interacts, or the user fills a form with some data which can be considered personal/sensitive then you need this. Keep in mind that Chrome now shows a warning https://developers.google.com/web/updates/2016/10/avoid-not-secure-warn if you have a form which has type password or if it suspects a form element which is meant for credit card. Additionally google has made it clear it will consider this for SEO ranking https://webmasters.googleblog.com/2014/08/https-as-ranking-signal.html

Hence we suggest you should implement this. Please contact us for details.

What is required to implement this?

To implement this we need certificates signed by a reputed body. These reputed body charge for this service. Additional there are charges to have a unique IP assigned to this domain, and maintenance charges. These costs are yearly costs. Additionally If your existing website is on http and you wish you switch to https there will be a one time cost to check the website and confirm this transition works fine, and there are no http contents being rendered on https requests. Please contact us at [email protected]

Where does Letsencrypt.org fit in this?

As indicated above, one of the costs for implementing https is a valid/approved authority should sign these certificates. All browsers have a list of valid authority who can sign. These authorities charged a basic yearly fee for this service. Letsencrypt.org gives these certificates for free and is one of the approved authority on most browsers. (eg very old windows XP with service pack below 3 will have problems). To know more about letsencrypt please see their FAQ https://letsencrypt.org/docs/faq/ , to see which browsers are compatible you can check https://letsencrypt.org/docs/certificate-compatibility

What do we recommend?

HTTPS is to be given a serious thought as it is a factor for SEO. However the choice of letsencrypt or some other authority is totally up to you. As mentioned the signing authority is just one part of the cost, so it does not mean HTTPS is for free. However it will reduce the costs a bit.