Over the last year, buzz on SSL use in general has been skyrocketing due to increased hacking and search engine requirements. Now, web browsers will instill even more urgency for webmasters and site owners to get-their-act-together and prepare to tackle the challenge of converting non-secure sites, to secure.
In a business field already difficult to prosper, the last thing you need is another monkey-wrench thrown into the mix. For many domain owners, including myself, it seems like just one thing after another.
First it was Google+ combined with Google Authorship, a Google failure I might add. Then it was getting your domains mobile ready, followed by making your sites responsive and/or at least understanding the differences between “mobile” and “responsive” so that you could obtain the mobile ready icon in Google search results while dealing with what search engines actual prefer to rank pages (Which is neither – both are considered the same). Afterwards, it was the benefit of ranking better in search with an SSL on your domain (which hasn’t actually seemed to matter much if you ask me). Then, just when you thought you had that all of that under control Google introduced AMP pages (The Accelerated Mobile Pages Project) with even more requirements.
Holy smokes; is your head spinning yet?
Well, get ready for more Google excitement.
I’ve now come across the fantastic news that Google’s Chrome browser will begin showing a label of “Not Secure” on any pages it believes collect login credentials or payments of any kind. In an upcoming release Google Chrome will then move to labeling all non-HTTPS pages as “Not secure” when users are using incognito mode and in a final step, label all plain HTTP pages as “Not secure”. So basically, Google Chrome will remove the “option” for you to expect websites to load normally without an SSL Certificate.
Dec 27, 2016 Google Webmasters Blog posted:
From the end of January with Chrome 56, Chrome will mark HTTP sites that collect passwords or credit cards as non-secure. Enabling HTTPS on your whole site is important, but if your site collects passwords, payment info, or any other personal information, it’s critical to use HTTPS. Without HTTPS, bad actors can steal this confidential data. #NoHacked
Even worse, any sites that use an SHA1 certificate will be COMPLETELY BLOCKED by Chrome and Firefox towards the end of January, Internet Explorer will do the same in February (Funny how Microsoft is always last with everything). The good news on this is that all Certificate Authorities should have already contacted customers if they had an SHA1 certificate so they could replace it with an SHA256 certificate. To check if you have an SHA1 certificate in Chrome go to an SSL site, click on where it shows the lock up on the top left and click “Details”. Down on the bottom, if you have a SHA1 certificate it will tell you that your certificate is out dated.
With SSL Certificates generally more expensive than the domains themselves, this requirement is going to add significantly to a domainers average cost of doing business provided that their normal method of business includes hosting or developing their domains, but it is likely going to affect everyone, even those who park them.
On average the cost of a basic SSL certificate is $30 – $60 per domain, with wild card certificates (those for multiple subdomains) a little more expensive.
There are some very cheap SSL providers out there (with a simple Google search) but I have no idea how good they are. Pricing is all over the map for SSL’s and it will depend greatly on where you purchase them, but now is a great time to start looking around for which ones you like most to install or which ones seem to work best with your hosting provider, or which ones install easiest, because it is going to affect you now and into the future.
A great way to tackle this extra cost in doing business is to become a domain name reseller with a company that also sells SSL certificates so that you can drop not only the price of the domain names you buy, but you can drop the price of your certs and buy them at the wholesale reseller rate. That is exactly what I do so I should only be looking at an extra $22 per domain. I would recommend just about everyone do this (unless you have a better idea) because I think it is the best way to save money on them. Again, but others may know of cheaper providers out there with good reliable certificates at great prices. If you do know of any don’t hesitate to leave that information below in the comments because I am sure it could help out a great deal of domainers.
IMPORTANT UPDATE: Reader Garth pointed out a FREE SOLUTION https://letsencrypt.org in the comments.
What say you? Are you ready to tackle this new additional issue to secure your domains and websites before you are forced into doing so?