Tech tips

Your Web Host Might be Ripping You Off with Your SSL

Your Web Host Might be Ripping You Off with Your SSL

Most websites these days employ an SSL because they help keep users safe and let search engines know the site is legitimate.

But most people do not know how much an SSL should cost. Because of this, SSL have become a popular profit center for many big website hosting providers. Next time you are about to begin hosting with a provider, here is why you might want to pay special attention to what they are charging for

What is an SSL and Why Do You Need One?

SSLs are certificates that are installed on a web server with a website. SSLs encrypt traffic between the users’ web browser and the web server. This keeps important data like names, credit card numbers, birthdays, etc. safe.

Why do You Need One?

There are 2 reasons you a required to have an SSL.

The first is that SSLs play an important part of securing your client’s data. Users can confidently use your website and know their data is secure because SSLs create secure tunnel between their browser and the web server, preventing anyone from the outside snooping on their sensitive data like credit card numbers, names, etc.

The second is that web browsers like Google chrome, Firefox etc., have all begun requiring SSLs. If your website does not have an SSL, the browser shows user a Window stating your site is unsecure and that their data might be at risk. Users then must find a hidden button to proceed to your site. This creates friction and stokes fear from potential visitors.

How do I Know if My Site Has an SSL?

You can tell your site has an SSL installed if you see a lock icon next to your website URL in your browser. The lock icon might appear green, black, or grey. Alternatively, if you don’t have an SSL installed you will be able to tell because the lock might be red, show an x, or say “not secure”. You will also likely receive a warning pop up saying your site is unsecure.

Cheap vs Premium SSLs

SSLs come in many flavors. There are inexpensive open-source technologies like Let’s Encrypt for a low-cost or sometimes free from your hosting provider, then there are premium SSLs. Premium SSLs such as Domain Validated (DV), Multi-domain, and Wildcard SSLs are more costly, but provide additional benefits.

Domain validated certificates, which certify a single domain, will allow you to receive a certificate that can be published on your site proving that not only is your SSL installed, but that you received your SSL only after proving you are a legitimate business. Premium SSLs often require information like the name of your business, DBA name, physical address, etc.

Providers like RapidSSL and DigiCert also include insurance in case a certificate authority fails to properly validate information contained in an SSL and there is a financial loss as a result. Payment would cover the website owner liability up to the amount specified in the certificate warranty.

Multi-Domain SSLs can be extremely beneficial if you have multiple domains you want to protect. You can use 1 multi-domain certificate to cover many domains.

Wildcard SSLs are used for securing multiple subdomains. If your site has subdomains like mail.yourdomain.tld, shopping.yourdomain.tld, etc., you should consider a wildcard SSL.

Prices vary wildly for premium SSLs because they can either be purchased directly from providers like DigiCert or from web hosts who partner with providers and set a margin.

Why Hosts Upcharge for SSLs

The advent of technologies like Let’s Encrypt have brought down the cost of SSLs dramatically. Many hosts are now providing SSLs free for certain products where they the SSL is pre-integrated such as cPanel website hosting. Hosts often will charge a small fee for open-source SSLs if any maintenance or installation is required on their part such as installing on a VPS.

But because SSLs are inexpensive, some hosts have turned SSLs into huge profit centers because they know users do not understand what an SSL should cost.

The result is that some hosts are now charging many times over what an SSL should cost.

Basic SSLs Should be Affordable

These days SSLs are commonly pre-integrated in the control panels that they use for shared website hosting. Additionally, technologies like Let’s Encrypt auto-renew, are taking away the intensive labor involved with manually renewing traditional SSLs when they expire. Basic SSLs should be free for any host that use cPanel and under $50/yr for Let’s Encrypt installation on a VPS server.

Premium SSLs will remain expensive because of the relatively high base price from suppliers. They also require manual installation which requires a lot of labor. You should expect multi-domain and Wildcard SSLs to be over $100 at almost any hosting provider.

Strategies Hosts Employ to Overcharge for SSLs

Sometimes hosts will clearly outline the cost of an SSL, but often they will use less transparent upgrades and packages to mask the cost of the SSL. Here are the common ways hosts tend to overcharge for an SSL.

Hiding Cost Within a Broader Security Package

Because SSLs help with security and are not penalized by search engines for being unsecure, SSLs are sometimes sold as part of a security or SEO package. The host will charge a fee for the SSL and some other features like web application firewall (WAF), basic SEO tools etc. The firewall and tools will typically cost the host nothing and are already setup at the tenant level which allows the host to mask the cost of the SSL.

Aggressive Package Introductory Pricing That Becomes More Expensive Upon Renewal

One of the most common strategies web hosts use to upsell SSLs and other package features is to offer a low introductory price and renew the client at a price that is several times higher. We’ve seen extremes like charging around $2 for shared hosting contract pricing only for it to renew at $10-$15.

These prices will include features like SSL, sometimes domain, firewall, and more.

While these pricing schemes aren’t explicitly designed to sell SSLs, they are designed to get users subscribed to a set of features that the host can later charge for. SSLs are a part of the overall value equation.

Not Being Transparent that SSLs are Free

Another common strategy we’ve noticed is that hosts will often include basic SSLs in all products including both shared hosting and VPS’. The problem is that while they will highlight the SSL is free on shared website hosting plans, they won’t list it as a feature on VPS’. Hosts are potentially hoping clients are going to assume they still need to buy a certificate. When you get a VPS from a host, make sure to ask or research if they have free SSLs for VPS’ and what is required to install the SSL.

Upselling via Customer Service

Users might find that there is a discrepancy between what a host’s website says they are being charged for an SSL vs what they are actually paying. Often this is because they receive a quote from sales or customer service who will overcharge for an SSL in the quote. This often results in users overpaying compared to what they should be paying according to the host’s public pricing.

We have seen quotes where users are charged several dollars a month for a basic SSL when it would have otherwise been free.

How to Get an SSL for Free

When purchasing website hosting, check the price of the SSL and what is included in your hosting package thoroughly. You might find a host is overcharging for your SSL or another solution as part of your plan. Arm yourself with information and comparison shop to make sure the deal is fair. Also make sure to check pricing after your introductory pricing ends. Most users host their websites for many years with the same host and introductory pricing is very short lived compared to the regular pricing.

Choose from plans that explicitly mark your SSL as included and charge a reasonable amount for your hosting.

If you do speak with customer service and they try to charge for an SSL, doublecheck, cross reference the hosts’ site. If they try to charge for a premium SSL and you don’t need one, ask if a free option like Let’s Encrypt is available.

Smaller hosts which don’t always include the SSL might even negotiate with you and include the SSL if you ask and they feel your business is valuable enough.

Summary

SSLs have become inexpensive. But because most users don’t understand how inexpensive SSLs are for a host to install, they often overpay. There are times that SSLs will be expensive such as if you require a premium SSL for purposes such as insurance, establishing extra trust, or certifying multiple domains. However, most users won’t require premium SSLs, rather they only need a basic SSL to keep their visitors safe.

ZebraHost includes SSLs for all our website hosting plans. We do not use complex contract pricing or renew at higher rates. If you are interested in a let’s encrypt SSL for your VPS or dedicated server, we offer Let’s Encrypt SSLs for a maintenance fee of $30 per year.

Sign Up For Our Newsletter

Get featured blog articles, industry news, and specials straight in your inbox.