SSL certificate: what it is and how to install it
Published on July 4, 2026 8 min read
What is an SSL certificate, why does HTTPS matter and how do you activate a free one in Plesk with Let's Encrypt? A clear guide to DV, OV and EV.
An SSL certificate makes your website load over HTTPS: it encrypts the traffic between a visitor and your server and shows that the connection is genuine. This article explains what an SSL certificate is, why HTTPS matters for security, trust and SEO, the difference between DV, OV and EV certificates, and how to activate a free certificate yourself in Plesk with Let's Encrypt.
What is an SSL certificate?
An SSL certificate is a small digital file that is tied to your domain. It sets up an encrypted connection between your visitor's browser and the web server, so no one along the way can read or alter the data. Once a certificate is active, your site loads over https:// instead of http://.
SSL or TLS: what is the difference?
The name SSL (Secure Sockets Layer) dates back to the 1990s and is technically outdated. Its successor is called TLS (Transport Layer Security). The old SSL versions 2.0 and 3.0 are insecure and disabled, and TLS 1.0 and 1.1 were formally deprecated in 2021. Modern websites use TLS 1.2 and TLS 1.3. In everyday use, people still say "SSL certificate", but the certificate actually sets up a TLS connection. It is the same certificate; only the name has stuck.
Why HTTPS matters
A valid SSL certificate matters for three reasons: security, visitor trust and visibility in Google.
Security
Without encryption, everything a visitor types, from passwords to payment details, travels across the internet as readable text. Anyone who intercepts that traffic can read it or even change it. An SSL certificate encrypts that data and protects against eavesdropping and tampering, known as a man-in-the-middle attack.
Trust in the browser
Since 2018, browsers have shown a "Not secure" label on every page that still loads over HTTP. The familiar padlock was replaced in Chrome 117 (September 2023) with a neutral settings icon, because research showed that almost nine in ten people did not understand what the padlock meant and that HTTPS has become the norm. Visitors now simply expect a secure connection, and a missing one is immediately noticeable.
SEO and speed
Google has used HTTPS as a small positive signal in its search results since 2014. The effect on your ranking is limited, but HTTPS is also a requirement for the faster HTTP/2 and for many modern browser features. For good visibility and a good user experience, a valid SSL certificate is therefore practically essential.
DV, OV and EV: the three types of certificate
All SSL certificates provide equally strong encryption. The difference lies purely in how thoroughly the certificate authority checks who you are before the certificate is issued. There are three levels.
| Type | What is checked | Turnaround | Cost | Best for |
|---|---|---|---|---|
| DV (Domain Validated) | Only whether you control the domain | A few minutes, automated | Free, including through Let's Encrypt | Most websites, blogs and online shops |
| OV (Organization Validated) | Also whether the organisation really exists | Hours to days | Paid | Companies that want to show extra trust |
| EV (Extended Validation) | The strictest legal vetting of the organisation | Days | Paid, more expensive | Large organisations and compliance needs |
One thing worth knowing: the green address bar with the company name that EV certificates used to show was removed from Chrome and Firefox in 2019. The extra identity check behind OV and EV now appears only in the certificate details, no longer in the address bar. For most websites, a free DV certificate is enough, because the encryption is exactly the same.
Free SSL certificate at LJPc hosting with Let's Encrypt
At LJPc hosting, every hosting package includes a free SSL certificate from Let's Encrypt. Let's Encrypt is a non-profit certificate authority that issues free DV certificates. The certificate is requested and renewed automatically through Plesk, as soon as your domain points to the server with an A record (and an AAAA record for IPv6).
Automatic renewal is not a luxury but a necessity. Let's Encrypt certificates are valid for 90 days and therefore need to be renewed regularly. On top of that, the maximum validity of certificates is shrinking step by step: since 15 March 2026 the maximum lifetime is 200 days, from 15 March 2027 it becomes 100 days, and from 15 March 2029 it drops to just 47 days. By automating renewal, you never have to think about this yourself. If you want to know more about this certificate authority, read our guide to Let's Encrypt.
Activating an SSL certificate in Plesk with Let's Encrypt
If your domain already points to our server, LJPc handles most of these steps automatically. If you want to set it up or check it yourself, first confirm two things:
- The A record (and the AAAA record) of your domain points to the correct server. Without that, Let's Encrypt cannot verify that the domain is yours.
- Any CAA record allows issuance by Let's Encrypt. If you have no CAA record, there is nothing to worry about. If you do have one, make sure letsencrypt.org is allowed.
Then activate the certificate in Plesk:
- Log in to Plesk.
- Go to Websites & Domains and select the domain you want to secure.
- Click SSL/TLS Certificates.
- In the Let's Encrypt section, choose the option to request a free certificate.
- Check your email address and tick the box to also secure the www version. This is usually selected by default.
- Click Install or Get it free. Plesk requests the certificate and installs it straight away.
- Then turn on an automatic redirect from HTTP to HTTPS, so visitors always land on the secure version.
The exact names of menus and buttons can vary slightly between Plesk versions, but the route stays the same. Under SSL/TLS Certificates, you can also see when the certificate expires and whether renewal is going smoothly.
Wildcard certificates
A wildcard certificate secures all first-level subdomains at once, written as *.yourdomain.com. Think of shop.yourdomain.com, blog.yourdomain.com and mail.yourdomain.com. Do keep the limits in mind:
- It does not cover the root domain yourdomain.com itself, unless that is added separately as an extra name.
- It does not cover subdomains at a deeper level, such as test.shop.yourdomain.com.
For a free wildcard from Let's Encrypt, DNS validation is required: a TXT record has to be placed temporarily at _acme-challenge.yourdomain.com. Your DNS therefore needs to be managed somewhere that supports this. A wildcard is handy if you have many subdomains or regularly create new ones.
When should you choose a paid certificate?
For most sites, a free DV certificate is more than enough. A paid certificate is worth considering when you:
- need an OV or EV certificate because your organisation wants or must have a verified identity in the certificate, for example for compliance reasons;
- want a warranty or specific support from a particular certificate authority;
- want a commercial multi-domain or SAN certificate that combines several separate domains in one certificate.
If all you need is a secure, encrypted connection, a free DV certificate offers exactly the same protection as a paid one.
Common problems
| Problem | Possible cause and solution |
|---|---|
| The certificate is not issued | The A record does not point to the server yet, or the DNS change is not active everywhere. Check the A record and wait until the change has taken effect. |
| Error about CAA | A CAA record is blocking issuance. Add letsencrypt.org to the CAA record or remove the restriction. |
| The site still loads as "Not secure" | The automatic redirect to HTTPS is off, or no certificate is active yet. Turn on the HTTP-to-HTTPS redirect. |
| Warning about mixed content | The page still loads images or scripts over http://. Change those references to https://. |
| The certificate has expired | Automatic renewal failed, often because the domain no longer points to the server. Restore the A record, and the certificate will then renew itself. |
Can't work it out? Get in touch with support, and we'll be happy to help.
Frequently asked questions
What is the difference between SSL and TLS?
SSL is the old name of the security protocol, and TLS is the modern successor. The old SSL versions are insecure and disabled. When people say "SSL certificate", they mean a certificate that sets up a TLS connection. The name SSL has simply stuck out of habit.
Is a free SSL certificate as secure as a paid one?
Yes. The encryption in a free DV certificate is exactly as strong as in a paid OV or EV certificate. The difference is only in the identity check of the organisation, not in the security of the connection itself.
How long does it take before my SSL certificate is active?
A DV certificate from Let's Encrypt is usually issued within a few minutes, provided your domain already points to the server. If you have just changed an A record, it can take a while before that change is active everywhere and the certificate can be requested.
What does the padlock in the browser mean?
The padlock indicates that the connection is encrypted. Since Chrome 117 (2023), it has been replaced by a neutral settings icon, because many people thought the padlock meant that a site itself was trustworthy. A certificate secures the connection, but says nothing about how trustworthy the content is.
Do I have to renew my SSL certificate manually?
Not at LJPc hosting. The Let's Encrypt certificate is renewed automatically through Plesk, as long as your domain keeps pointing to our server. Because certificates are valid for shorter and shorter periods, that automatic renewal is genuinely useful.
Do I need a wildcard certificate?
Only if you want to secure several subdomains on one domain without requesting a separate certificate for each. If you have just a few fixed subdomains, a standard certificate for each one is enough.