Why SSL/TLS Is Non-Negotiable
HTTPS is no longer optional. Google Chrome marks all HTTP sites as "Not Secure" in the address bar. Google's search algorithm gives a ranking boost to HTTPS sites. Payment Card Industry (PCI DSS) standards mandate TLS for any site handling cardholder data. And fundamentally, without TLS, every piece of data your visitors send — passwords, form submissions, personal information — travels the internet in plaintext, readable by anyone on the same network.
SSL (Secure Sockets Layer) is the predecessor protocol; it has been deprecated since 2015 and is disabled on all modern systems. The current standard is TLS (Transport Layer Security). Despite this, the industry still colloquially calls certificates "SSL certificates." When someone says "SSL," they mean TLS.
An SSL/TLS certificate does two things: it authenticates your server (proves you are who you claim to be) and it enables encryption of all data in transit. Without the certificate, the encryption cannot be established because there is no trusted way to exchange the session keys.
How SSL/TLS Works: The Handshake
Every HTTPS connection begins with a TLS handshake — a brief negotiation that establishes trust and generates the session encryption keys. Understanding this process helps you diagnose connection failures and configure your server correctly.
TLS 1.3 Handshake (Simplified)
- Client Hello: The browser sends the TLS version it supports, a list of cipher suites, and a random nonce.
- Server Hello: The server selects a cipher suite, sends its certificate, and provides its key share for key derivation.
- Certificate Verification: The browser verifies the certificate is signed by a trusted CA, the domain matches, and it hasn't expired or been revoked.
- Key Derivation: Both sides independently compute the same session key using their exchanged key shares (ECDHE). No key is ever transmitted.
- Finished: Both sides send a Finished message encrypted with the new session key, confirming the handshake succeeded. Encrypted data transfer begins.
TLS 1.3 vs TLS 1.2: Why the Version Matters
- 1-RTT handshake (vs 2-RTT in 1.2)
- 0-RTT session resumption
- Forward secrecy mandatory
- Removed weak cipher suites (RC4, DES, 3DES)
- Encrypted certificate in handshake
- Supported by all major browsers since 2018
- Still widely supported for compatibility
- Supports legacy cipher suites if misconfigured
- No mandatory forward secrecy
- Larger handshake surface area
- TLS 1.0 and 1.1 are deprecated — disable them
Cipher suites define the algorithms used for key exchange, authentication, bulk encryption, and message authentication. Modern servers should only support ECDHE key exchange (for forward secrecy), AES-GCM or ChaCha20-Poly1305 for encryption, and SHA-256 or SHA-384 for HMAC. Disable cipher suites using RC4, DES, 3DES, MD5, or RSA key exchange (non-ephemeral).
Certificate Types: DV, OV, and EV
Not all SSL certificates are created equal. They differ in how rigorously the Certificate Authority verifies the applicant's identity, how quickly they're issued, and what information they contain.
Domain Validation (DV) Certificates
The CA only verifies that you control the domain — typically by placing a file at a well-known URL, or adding a DNS TXT record. Issued in minutes. No company name in the certificate. Best for: personal websites, blogs, internal tools, development environments. Let's Encrypt issues DV certificates for free. The browser shows the padlock icon but not a company name.
Organization Validation (OV) Certificates
The CA verifies domain control plus confirms the legal existence of your organization using public business registries. Takes 1–3 business days. The organization name is included in the certificate Subject field. Best for: company websites, e-commerce sites, customer portals. Provides an extra layer of trust — users can inspect the certificate and see the verified company name.
Extended Validation (EV) Certificates
The most rigorous validation — the CA verifies legal existence, operational status, physical address, and confirms the applicant is authorized to request the certificate on behalf of the organization. Takes 5–10 business days. Historically showed a green address bar with the company name (removed from Chrome/Firefox circa 2019), but EV certificates still appear in certificate details. Best for: high-value financial transactions, government sites, healthcare portals where maximum trust is required.
Wildcard Certificates
A wildcard certificate (e.g., *.yourdomain.com) secures all first-level subdomains under a domain with a single certificate. It covers mail.yourdomain.com, app.yourdomain.com, api.yourdomain.com, etc., but does not cover yourdomain.com itself (you need a SAN entry for the apex) or second-level subdomains like dev.api.yourdomain.com. Wildcards are issued at DV or OV level.
Multi-Domain Certificates (SAN/UCC)
Subject Alternative Names (SANs) allow a single certificate to cover multiple distinct domains: yourdomain.com, www.yourdomain.com, yourdomain.net, and partner-site.com all in one certificate. This is operationally simpler than managing multiple certificates, but be aware: if the private key for a SAN certificate is compromised, all domains on that certificate are affected.
Certificate Authorities: How the Chain of Trust Works
A Certificate Authority (CA) is an organization that has been granted trust by browser and OS vendors to issue certificates. The trust model is hierarchical: browsers ship with a bundle of Root CA certificates pre-installed. Root CAs sign intermediate CA certificates, and intermediates sign your server's end-entity certificate.
Root CA private keys are kept offline in HSMs in physically secured facilities. All day-to-day signing is done by intermediate CAs. When you install a certificate, you must also install the intermediate CA certificates that bridge the trust from your certificate back to the root. This is called the certificate chain. A broken chain (missing intermediate) is one of the most common causes of SSL errors on mobile devices and curl.
Let's Encrypt: Free DV Certificates
Let's Encrypt, operated by the Internet Security Research Group (ISRG), has issued over 4 billion certificates since its 2015 launch. It uses the ACME protocol to automate domain validation and certificate issuance. Certificates are valid for 90 days — short enough to limit exposure from compromised keys, but Certbot and other ACME clients handle automatic renewal transparently. There is no cost. Let's Encrypt is trusted by all major browsers.
Commercial CAs
DigiCert, Sectigo (formerly Comodo), GlobalSign, and Entrust are the major commercial CAs. Use them when you need OV or EV validation, dedicated support, warranty coverage, or specialized certificate types like code-signing or S/MIME email certificates. Prices range from ~$50/year for basic OV to several hundred dollars for EV multi-domain certificates.
Installing SSL Certificates: Apache and Nginx
Using Certbot (Let's Encrypt) — Recommended
Certbot is the official ACME client for Let's Encrypt. It can obtain and install certificates automatically:
Manual Apache Configuration
If you're installing a commercial certificate manually:
Manual Nginx Configuration
Chain order matters: In Nginx, ssl_certificate should point to a file that contains your certificate first, followed by the intermediates. In Apache, use SSLCertificateChainFile separately or concatenate the chain into SSLCertificateFile. Incorrect chain order causes SSL errors specifically on clients that don't cache intermediate certificates (often mobile devices).
Certificate Monitoring and Renewal
An expired certificate causes your site to become completely inaccessible — browsers show a full-screen warning that most users will not bypass. Certificate expiry is still one of the most common causes of unplanned outages, even at large organizations.
Automating Renewal with Certbot and Systemd
Certbot on modern Debian/Ubuntu systems automatically installs a systemd timer:
Certbot renews certificates when they are within 30 days of expiry. Since Let's Encrypt certificates are valid for 90 days, renewal typically happens around day 60, giving you a comfortable buffer.
Monitoring Strategies
- External monitoring: Use a monitoring service to check your certificate from outside your network daily. Get alerts at 30 days, 14 days, and 7 days before expiry.
- CA email notifications: Most commercial CAs send expiry reminder emails. Make sure the certificate contact email address is a monitored inbox, not a personal email that may change.
- Inventory management: Maintain a spreadsheet or CMDB entry for every certificate in your organization, including domain, CA, expiry date, renewal owner, and server location. Certificate proliferation — especially after cloud migrations — makes ad-hoc tracking unreliable.
- Certificate Transparency logs: All publicly-trusted certificates are logged to CT logs. Monitor these logs for your domains using crt.sh or a dedicated CT monitoring tool to detect unauthorized certificates issued for your domains.
Check your certificate's current validity and expiration date instantly with the EP Cybertools SSL Checker.
Common SSL Errors and How to Fix Them
ERR_CERT_AUTHORITY_INVALID (NET::ERR_CERT_AUTHORITY_INVALID)
Cause: The certificate was issued by a CA not in the browser's trust store. Common causes: self-signed certificate, missing intermediate certificate, or a corporate internal CA. Fix: Install a certificate from a publicly trusted CA, or ensure the full chain including intermediates is served. Test with: openssl s_client -connect yourdomain.com:443 -showcerts
Mixed Content Warnings
Cause: An HTTPS page loads resources (images, scripts, CSS, iframes) over HTTP. Browsers block active mixed content (scripts, iframes) and warn about passive content (images). Fix: Update all internal resource URLs to HTTPS. Use protocol-relative URLs (//domain.com/resource) or absolute HTTPS URLs. Check with browser DevTools (Console → Mixed Content warnings). Add a Content-Security-Policy: upgrade-insecure-requests header as a safety net.
ERR_CERT_DATE_INVALID (Certificate Expired)
Cause: The certificate's notAfter date has passed, or the server's system clock is significantly wrong. Fix: Renew the certificate immediately. If you use certbot, run certbot renew --force-renewal. If the clock is the issue, sync NTP: timedatectl set-ntp true.
ERR_CERT_COMMON_NAME_INVALID (Hostname Mismatch)
Cause: The domain in the browser's address bar doesn't match the CN or SAN entries in the certificate. Common scenarios: forgetting to include www in the SANs, accessing a server by IP address instead of hostname, or using the wrong certificate for a virtual host. Fix: Reissue the certificate with the correct domain names as SANs. Always include both the apex domain and www in SANs.
SSL Handshake Failures / ERR_SSL_PROTOCOL_ERROR
Cause: No mutually supported TLS version or cipher suite. Often seen when a server has been locked down too aggressively (e.g., TLS 1.3 only with no 1.2 fallback), or when a client only supports old protocols. Fix: Enable both TLS 1.2 and 1.3 on your server to maintain compatibility. Use ssl_protocols TLSv1.2 TLSv1.3; in Nginx. Check with the EP Cybertools TLS Scanner.
Post-Quantum TLS: Preparing for the Future
Today's TLS relies on RSA and Elliptic Curve Diffie-Hellman (ECDH) for key exchange. Both are vulnerable to Shor's algorithm running on a sufficiently powerful quantum computer. While a cryptographically relevant quantum computer (CRQC) does not yet exist, the "harvest now, decrypt later" threat is real: adversaries are collecting encrypted traffic today with the intent to decrypt it when quantum computers become available.
Google Chrome, Cloudflare, and AWS have already deployed hybrid key exchange in TLS — combining classical ECDH with ML-KEM (formerly Kyber), one of NIST's newly standardized post-quantum algorithms. This hybrid approach ensures security against both classical and quantum attacks without sacrificing compatibility.
As a web administrator, monitor your CDN and server software vendors for TLS updates that incorporate post-quantum key exchange. Check your current TLS configuration against post-quantum readiness with the EP Cybertools SSL Checker and explore our dedicated Post-Quantum Cryptography guide for a deeper dive.
Check Your SSL/TLS Configuration
Run these free EP Cybertools checks against your domain to verify your certificate chain, TLS version support, cipher suites, and expiry status:
Frequently Asked Questions
Is a free Let's Encrypt certificate as secure as a paid one?
Cryptographically, yes. A DV certificate from Let's Encrypt uses the same TLS encryption as a $400 EV certificate from DigiCert. The difference is in identity assurance: paid OV/EV certificates include verified organization information. For most websites, a free Let's Encrypt DV certificate provides full encryption and the padlock icon. The only scenarios where you need paid certificates are when you require OV/EV validation, code signing, S/MIME email signing, or extended warranty coverage.
Does HTTPS slow down my website?
TLS 1.3 adds roughly 1ms of latency for new connections (one fewer round-trip than TLS 1.2), and the encryption/decryption overhead is negligible on modern hardware with AES-NI acceleration. TLS session resumption and HTTP/2 (which requires TLS in practice) actually make repeated connections faster than plain HTTP. In most real-world measurements, HTTPS is as fast or faster than HTTP due to HTTP/2 multiplexing.
What is HSTS and should I enable it?
HTTP Strict Transport Security (HSTS) is a response header that tells browsers to always use HTTPS for your domain, even if the user types http://. This eliminates the window where a first HTTP request could be intercepted. Enable it with Strict-Transport-Security: max-age=31536000; includeSubDomains. Caution: Only set this after your entire site is fully on HTTPS, because it's cached by browsers and cannot be undone for the max-age period. Start with a short max-age (300 seconds) for testing.
Can I use the same SSL certificate on multiple servers?
Yes — a certificate and its private key can be deployed on multiple servers serving the same domain (e.g., a load balancer cluster). All servers need the same certificate file and the same private key. Keep the private key access tightly controlled and ensure it's not world-readable on any server. Some CAs restrict the number of installations as a policy matter, but technically the protocol allows it.
What should I do if I think my private key has been compromised?
Act immediately: (1) Generate a new private key and CSR, (2) Request a new certificate from your CA, (3) Install the new certificate and key, (4) Contact your CA to revoke the compromised certificate — CAs are required to revoke within 24 hours for key compromise under CA/Browser Forum rules. Revocation notifies browsers via OCSP and CRL that the old certificate should no longer be trusted. The old certificate remains in CT logs permanently, which is normal.
Continue Learning
Explore more security guides and diagnostic tools from EP Cybertools.