Hey there! I have a question for my friends. As Comodo has prohibited the Russian Federation from renewing its certificates, I am gradually moving customer sites in the ru segment to Lets Encrypt with auto-renewal. This seems to be working well. However, my hosting service recently offered the option to purchase paid certificates from GlobalSign AlphaSSL for a year.

After ordering a certificate for testing on one site, it took a month for verification to come through. While the certificate ultimately connected successfully, I wonder if it's worth connecting a paid certificate. Considering that free SSL may be enough for ordinary commercial sites without financial transactions, etc., are there any issues with auto-renewal every 3 months, impact on SEO, or other pitfalls to consider?

In most cases, a free SSL certificate would suffice as there is barely any difference between AlphaSSL and Lets Encrypt that can be felt by both search engines and users. However, two significant differences to note are:

- Alpha SSL certificates necessarily include the www subdomain and cannot be declined. This can be a concern for some individuals.
- For obtaining Lets Encrypt certificate, one needs to install Certbot on the server and have a working site to get the certificate successfully. This makes it challenging to obtain a certificate without a functional website.

Quote from: Newport on Aug 04, 2022, 07:10 AMBut still, does it make sense to connect a paid certificate, or is free ssl more than enough for ordinary commercial sites, without financial transactions, etc.?

There will be no difference. Unless, of course, a lot of money is flowing through the online transactions of a commercial site, and insurance for a million - one and a half is not required.

Quote from: Newport on Aug 04, 2022, 07:10 AMOr there might be problems with auto-renewal every 3 months, impact on seo, or some other pitfalls???

If hosting is with a panel, then it will be renewed itself, glitches rarely occur, they are treated through support. If your server, then as written above.

Certbot, if necessary, can be installed on a home computer. True, it will be necessary to generate / transfer the certificate every three months with pens.
Well, or on a separate server.

Thank you all, accepted!

SSL certificates provide a decent level of protection and come at a cost ranging from $10 to $200 per year. Paid certificates have longer and more difficult keys to decrypt, adding an extra layer of security. Moreover, they also offer insurance that guarantees compensation in case of domain hacking.

There is no need to worry about incompatibility with browsers as almost all of them are compatible with paid certificates. Renewal of the certificate isn't a problem for domain owners either as the supplier company takes care of it. Instructions in Russian for paid SSL certificates make it easy for domain owners to resolve issues on their own.

The only downsides to paid certificates are that they are not always issued quickly and are, of course, paid. The time of issuance depends on the type of certificate. For instance, an EV (Extended Validation) SSL certificate can take more than five days since it involves verifying dоcuments confirming the activities of the organization. Overall, this product can help promote the website since it reduces failures when using the website.

Paid high level certificate is just a matter of prestige. For serious banks, large corporations. Yes, it provides insurance, in case of hacking, within certain amounts. But the vast majority of users do not need it.
That is why there is such a widespread free certificates, which are provided by the hoster. Hoster they do not cost anything, if you use certain software are updated without the participation of the user - convenient, right? And that's what attracts customers to hosting.
Lets encrypt and inexpensive certificates for online stores - that's what you need.

What do you want, money or safety? If it's the second - of course. It doesnt cost a lot and provides your site (which is DESIGNED for commercial buisness) with a better security.

Free certificates are easier to crаck, it's hard to say about positions from the point of view of SEO. If the site makes payments or stores user data, it is better, of course, to put a paid inexpensive certificate. Although the situation in Russia is very unstable now, many services stop working, here you need to carefully approach the choice.

When it comes to choosing between free Let's Encrypt certificates and paid options like GlobalSign AlphaSSL, several factors need to be considered.
Let's talk about the technical aspect. Free SSL certificates from Let's Encrypt are known for their reliability and security. With auto-renewal every 3 months, they provide continuous protection without manual intervention. However, the process of setting up auto-renewal requires some technical knowledge and configuration, which may pose a challenge for some website owners.

On the other hand, paid certificates like GlobalSign AlphaSSL offer the convenience of longer validity periods, typically for a year, and often come with dedicated customer support. This can be beneficial for website owners who prefer a set-it-and-forget-it approach and value timely customer service in case of any issues.

From an SEO perspective, using SSL has become a ranking factor for search engines like Google. Both free and paid certificates offer strong encryption, so there shouldn't be a direct impact on SEO based solely on the type of certificate used. What truly matters is the proper implementation of SSL to ensure all pages are served over HTTPS, regardless of the certificate type.

Financial transactions or not, having a secure connection is crucial for all commercial websites as it instills confidence in users and protects sensitive information. While free SSL certificates are suitable for most scenarios, some businesses may opt for paid certificates to align with their branding or customer expectations.
The decision between free and paid SSL certificates depends on individual needs, technical capabilities, and the level of support desired. Both options can effectively secure a website, but it's essential to weigh the technical considerations, support availability, and long-term cost implications before making a choice.

Purchasing a paid certificate for regular commercial websites ensures data encryption, increasing security and trust for users. It will also improve your search engine rankings as Google will prioritize his HTTPS sites. Additionally, it promotes credibility and professionalism, which is important to maintain customer trust and reduce cybersecurity risks.