What is SSL / HTTPS?

In depth

SSL history: Netscape released SSL 2.0 in 1995 (formally deprecated in 2011). In 1999 it evolved into TLS (Transport Layer Security). Technically "SSL" no longer exists; every active certificate is a TLS certificate, but the "SSL" brand stuck in everyday speech. In 2026 the current standard is TLS 1.3 (RFC 8446), a major security upgrade: deprecated algorithms (RC4, MD5) removed, forward secrecy by default, and a handshake that is 33% faster.

The functional core of SSL/TLS is the handshake. When a browser connects via https://: (1) ClientHello: the list of supported ciphers; (2) ServerHello: the server picks a cipher and sends a certificate; (3) Certificate verification: the browser validates it against a root CA (Let's Encrypt, DigiCert, Sectigo); (4) Key exchange: Diffie-Hellman or ECDHE; (5) Finished: encrypted communication starts. With TLS 1.3 this takes one round-trip (vs two on TLS 1.2), about 150 ms in real time from Tbilisi to a US server.

Certificate Authority (CA) ecosystem: (1) Let's Encrypt — free, automated, 90-day validity, ACME protocol; (2) DigiCert — paid ($175-$1,500/year), Extended Validation (EV) for banks; (3) Sectigo, GlobalSign — corporate CAs; (4) Cloudflare Universal SSL — free with Cloudflare DNS proxy; (5) AWS Certificate Manager — free for AWS resources. In 2026 Let's Encrypt holds ~70% share because: free, automated renewal (cron + certbot), wildcard certificates (*.example.com), trusted by 99.9% of browsers.

Certificate validation levels: (1) DV (Domain Validation) — only proves DNS control; the most common, ready in seconds to minutes; Let's Encrypt only issues this. (2) OV (Organization Validation) — DV + legal business verification; 1-3 days, $50-$200/year. (3) EV (Extended Validation) — OV + comprehensive vetting + the old green address bar (deprecated in browsers since 2019). 2026 standard: 99% of sites use DV — EV no longer has ROI because the browser UI no longer surfaces it.

Google ranking signal: in August 2014 Google announced HTTPS as a ranking signal. From 2017 Chrome shows a "Not Secure" warning on HTTP pages. Since 2018 mixed content (HTTP resources on an HTTPS page) is blocked. The cumulative effect: by 2026 a non-HTTPS site risks deindexing. Ranking boost magnitude: about 5-7% extra organic clicks (Backlinko 2024 study).

Practical setup for a Georgian site: (1) Vercel/Netlify hosting → SSL automatic, nothing to do; (2) Shared hosting (cPanel) → AutoSSL or Let's Encrypt button → 1 click; (3) VPS Linux → certbot + cron renewal (90-day renewal cycle); (4) Cloudflare proxy → Universal SSL (free); (5) WordPress → Really Simple SSL plugin + Let's Encrypt on the host. Price 2026: $0 with Let's Encrypt. EV certificate (banking): $400-$1,500/year. Georgian hosting providers (proservice, hosting.ge, 1tone) — all give free SSL by default.

Examples

  • Let's Encrypt setup on VPS: `sudo certbot --nginx -d craftwebstudio.ge -d www.craftwebstudio.ge` → SSL active in 30 seconds
  • TLS health checker: ssllabs.com/ssltest → A+ grade target (TLS 1.3, HSTS, no weak ciphers)
  • HSTS header: `Strict-Transport-Security: max-age=63072000; includeSubDomains; preload` → blocks downgrade attacks
  • Mixed content fix: every `<img>`, `<script>`, `<link>` URL must be https://; warnings appear in the Chrome DevTools Console
  • Cloudflare Full (strict) SSL mode: browser↔Cloudflare = HTTPS, Cloudflare↔origin = HTTPS; the most secure setup
  • Certificate auto-renewal: certbot.timer (systemd) attempts renewal daily, actually renews 30 days before expiry
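
As an added example (not code from the original page), the Python sketch below audits a `Strict-Transport-Security` value like the one in the HSTS item above: it parses the header following RFC 6797 and checks it against the header requirements of the browser preload list (max-age of at least one year, `includeSubDomains`, `preload`). The function names `parse_hsts` and `audit_hsts` are hypothetical.

```python
import re

PRELOAD_MIN_AGE = 31536000  # one year in seconds, the preload-list minimum


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns a dict of lowercased directive names to values (None for
    valueless directives), or None when the header is invalid and a
    browser would ignore it entirely.
    """
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives ("a;;b", trailing ";") are allowed
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip()
        if len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]  # quoted-string form, e.g. max-age="300"
        if name in directives:
            return None  # a repeated directive invalidates the header
        directives[name] = val if sep else None
    age = directives.get("max-age")
    if age is None or not re.fullmatch(r"[0-9]+", age):
        return None  # max-age is required and must be a non-negative integer
    directives["max-age"] = int(age)
    return directives


def audit_hsts(value):
    """Return a list of findings; an empty list means preload-ready."""
    d = parse_hsts(value)
    if d is None:
        return ["invalid header: browsers ignore it, no HSTS protection"]
    findings = []
    if d["max-age"] == 0:
        findings.append("max-age=0 tells the browser to forget the HSTS policy")
    elif d["max-age"] < PRELOAD_MIN_AGE:
        findings.append("max-age below one year (31536000 s)")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains missing: subdomains stay downgradeable")
    if "preload" not in d:
        findings.append("preload missing: the first visit is still unprotected")
    return findings
```

The header value from the list above passes with no findings; a header with a duplicated or missing `max-age` is reported as invalid rather than partially applied.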

Frequently asked questions

Is a free SSL certificate enough?

Yes — Let's Encrypt + Cloudflare covers 99% of cases. Premium SSL ($100+/year) is only needed for EV (Extended Validation) for finance or enterprise compliance.

What happens to ranking without SSL?

Google Chrome shows a "Not Secure" warning and conversion drops 25-40%. SSL has been a Google ranking factor since 2014, but the effect is small. UX impact >> SEO impact.

TLS 1.3 vs TLS 1.2 — which do I need?

TLS 1.3 is the default in 2026. Keep TLS 1.2 for backward compatibility. Disable TLS 1.0/1.1 in your Cloudflare/server config; they are deprecated.
