SSL Certificates & HTTPS
An SSL/TLS certificate encrypts the connection between your server and your website visitors. Without HTTPS, modern browsers display a security warning — with a certificate, your site is marked as secure.
What is an SSL/TLS certificate?
An SSL/TLS certificate is a digital file that does two things at once: it encrypts traffic between the server and browser (so nobody can intercept it), and it confirms that your website actually belongs to your domain. The padlock symbol in the address bar indicates that a valid certificate is present.
Which certificate is right for me?
| Certificate type | Cost | Best for |
|---|---|---|
| Let's Encrypt | Free | Websites, blogs, web apps — the first choice for most use cases |
| Commercial certificate | Paid | Wildcard domains, Extended Validation (EV), or when Let's Encrypt is not an option |
| Self-signed | Free | Internal services, development environments — browsers will show a warning |
For publicly accessible websites we recommend Let's Encrypt — it is free, automatically renewable, and trusted by all major browsers.
Important notes before installation
Domain must point to your server
The A record of your domain must point to your server's IP address before a certificate can be issued. Let's Encrypt verifies this automatically.
Ports 80 and 443 must be open
Port 80 (HTTP) must be reachable from the internet for Let's Encrypt to issue and renew certificates. Port 443 (HTTPS) is needed for actual operation.
Set up automatic renewal
Let's Encrypt certificates are valid for 90 days. Certbot automatically sets up a cron job for renewal — verify that it is active.
Plesk handles everything automatically
If Plesk is installed on your server, you can issue and renew SSL certificates directly in the Plesk panel — no command line required.