What is an SSL certificate and how does it connect to your domain?

Home / Everything About / Everything About Domains / What is an SSL certificate and how does it connect to your domain?

Ask anyone what is an SSL certificate and you will get a range of answers, from "the thing that makes HTTPS work" to "no idea, but I know sites need one." Both are closer to the truth than they might seem. An SSL certificate is the digital credential that encrypts the connection between a visitor's browser and a web server, and it is issued specifically for a domain name. It affects how your site appears in browsers, how search engines treat it, and whether visitors trust it enough to stay.

What is an SSL certificate?

An SSL certificate is a digital file installed on a web server that does two things. First, it encrypts the data traveling between a visitor's browser and your server, so that any information sent, including form submissions, login credentials, and payment details, cannot be read by anyone intercepting the connection. Second, it verifies that the server belongs to the domain it claims to belong to, so visitors can be confident they have reached the right site.

SSL stands for Secure Sockets Layer. The technology has been updated over the years and the current standard is technically called TLS (Transport Layer Security), but the term SSL has stayed in common use and most people, registrars, and hosting providers still call these certificates SSL certificates regardless of the underlying version.

When a certificate is installed and valid, browsers display a padlock icon in the address bar and load the site over HTTPS. That "S" at the end of HTTP is what SSL makes possible. Without a certificate, the connection is unencrypted, the address shows plain HTTP, and modern browsers display a "Not Secure" warning to visitors.

What does HTTPS mean and how does SSL make it work?

HTTP is the protocol browsers use to request and receive web pages. HTTPS is the same protocol with an encrypted layer on top, provided by an SSL certificate. Every time a visitor loads a page on a site that uses HTTPS, their browser and the server run a quick verification exchange. During this, the browser checks the SSL certificate, confirms it is valid and issued for the correct domain, and establishes an encrypted connection. After that, all data between the visitor and the server is scrambled in transit.

For visitors, this means that anything they type into a form, any page they browse, and any data the site sends back to their browser cannot be read by a third party watching that connection. For brand owners, it means the communication between the site and its visitors is private and secure by default.

The padlock icon in the browser address bar is the visible confirmation that HTTPS is active and the certificate is valid. A green or gray padlock means the connection is encrypted and the certificate has been verified. A broken padlock, a crossed-out padlock, or no padlock at all means the connection is unencrypted or there is a problem with the certificate.

How does an SSL certificate connect to your domain?

An SSL certificate is issued for a specific domain name. When a certificate authority, which is a trusted organization that issues and checks certificates, signs a certificate, it ties it to one or more domain names. A certificate issued for yourbrand.com covers that exact domain. It does not automatically cover the www version, subdomain variations, or any other domain unless those are explicitly included in the certificate.

This is the direct connection between SSL and your domain. The certificate is not installed on a generic server. It is issued for your domain name specifically, and the browser checks that the domain in the certificate matches the domain the visitor is trying to reach. If they do not match, the browser displays a security warning, regardless of whether the certificate itself is valid.

The previous chapter on protecting your domain from being hijacked covered account-level threats to your registration. SSL operates at a different layer, protecting what happens over the connection rather than who controls the domain registration. Understanding what a domain name is and how it functions as the address for your site helps make this connection clearer. The domain is the name the certificate is tied to, and both the name and the certificate need to be in order for the secure connection to work.

The relationship between your domain and where your site files are hosted is also relevant here. Because the certificate is installed on the server where your site lives, and the domain points to that server, the two need to be aligned. The chapter on domain vs. hosting covers how a domain name and a hosting account connect, which is the same infrastructure that makes SSL work in practice.

What are the types of SSL certificates?

SSL certificates come in three main validation levels. The difference between them is how thoroughly the certificate authority verifies the organization behind the domain before issuing the certificate.

Domain Validation (DV)

A Domain Validation certificate confirms that the person requesting it actually controls the domain. The certificate authority checks that they have access to the domain's DNS records or the email inbox associated with it. No verification of the organization's identity or legal existence is done. DV certificates are issued quickly, often automatically, and are the most common type for personal sites, blogs, and small brand websites. The padlock appears, the connection is encrypted, and visitors see HTTPS. For most sites, DV is sufficient.

Organization Validation (OV)

An Organization Validation certificate includes a check of the requesting organization's legal existence and contact details. The certificate authority looks at public records to confirm the organization is real and that the person requesting the certificate has the authority to do so. OV certificates are typically used by established brands and organizations that want a higher level of verified identity attached to their certificate.

Extended Validation (EV)

An Extended Validation certificate involves the most thorough verification process. The certificate authority checks legal registration, physical address, whether the organization is actively operating, and whether the person applying has the right to request it. EV certificates were historically associated with a green address bar in browsers, though most modern browsers have moved away from showing that visual distinction prominently. They are most common for financial institutions and e-commerce platforms where trust is a primary concern.

For a typical brand site, a DV certificate covers what you need. The encryption and the HTTPS padlock are identical across all three types. The difference is in the level of organizational identity that has been verified and attached to the certificate.

What happens to your site without an SSL certificate?

A site without an SSL certificate loads over plain HTTP. For visitors, the most visible consequence is the browser warning. Chrome, Firefox, Safari, and other major browsers display a "Not Secure" label in the address bar for any site that is not running HTTPS. On pages with forms or login fields, browsers may display a more prominent warning that actively discourages visitors from entering any information.

The trust signal this sends is significant. Visitors who see a "Not Secure" label are more likely to leave before reading anything. For a site that asks visitors to contact you, sign up for anything, or make a purchase, the absence of SSL directly affects how many of them follow through.

The SEO impact is also real. Google confirmed HTTPS as a ranking signal, meaning sites with SSL have a measurable advantage in search results over equivalent sites without it. The advantage is not enormous on its own, but combined with the higher bounce rates that come from browser warnings, a site without SSL is fighting an uphill battle on multiple fronts. This is covered in more detail in the section below.

How does SSL affect your search rankings?

Google has used HTTPS as a ranking signal since 2014. The signal itself gives a moderate ranking boost, but the downstream effects of not having SSL are often more significant than the signal itself. A site that triggers browser security warnings will see higher bounce rates, lower time on site, and fewer conversions. All of those behavior signals feed back into search performance over time.

Google's crawlers also prefer to index HTTPS versions of pages. If your site runs on both HTTP and HTTPS without proper configuration, you can end up with duplicate content issues, split link signals, and crawl confusion. Having SSL installed and configured correctly, with a redirect from HTTP to HTTPS, keeps all of those signals consolidated on one version of your site.

From a purely practical standpoint, HTTPS is now the baseline expectation for any site that wants to rank and be taken seriously by visitors. It is not a competitive advantage so much as the price of admission.

How do you get an SSL certificate?

There are three main ways to get an SSL certificate for your domain, and the right option depends on where your site is hosted and what your hosting setup looks like.

Through your hosting provider or website platform

If your site is hosted on a platform or with a hosting provider, the most straightforward path is through them. Many hosts and website platforms include SSL as part of their offering and handle the installation automatically. When you connect your domain to your hosting account, the certificate is issued and configured without you needing to do anything manually. This is the path that causes the least friction and the fewest configuration errors.

Through your domain registrar

Some domain registrars offer SSL certificates as an add-on to domain registration. You purchase the certificate through the same dashboard where your domain is registered, then install it on your server or follow the instructions the registrar provides. The process is more hands-on than getting SSL through a host that automates it, but it is a straightforward option for people who manage their own server. The chapter on how to register a domain is a useful reference for understanding what registrars typically offer alongside registration.

Free SSL through Let's Encrypt

Let's Encrypt is a free, automated certificate authority that issues DV certificates at no cost. It was created to make SSL accessible to every site on the internet, and it has succeeded. The majority of web hosts support Let's Encrypt either natively or through integrations, and many configure it automatically when you connect a domain. The certificates are renewed automatically every 90 days, which removes the risk of a certificate expiring and causing browser warnings.

When should you use a free SSL certificate vs. a paid one?

For most brand websites, a free Let's Encrypt certificate covers everything needed. The encryption is identical to paid certificates. The padlock appears. The HTTPS protocol works. Visitors see a secure site. If your host supports Let's Encrypt and configures it automatically, there is no reason to pay for a certificate just to get the same DV-level protection.

Paid certificates make sense in specific situations. If you need an OV or EV certificate for organizational verification, that requires a paid certificate because Let's Encrypt only issues DV. If you are managing a large-scale e-commerce site, a financial service, or any platform where the identity of the organization behind the site is a meaningful trust factor for users, the additional verification that comes with OV or EV is worth the cost.

Paid certificates also often come with features like a warranty, which is a financial guarantee in the unlikely event of a certificate error causing a security issue, and more detailed customer support. For a small brand site or a content-focused website, these extras rarely add practical value. For a site handling large transaction volumes, the warranty and support access may be relevant.

SSL certificate renewal and what happens when a certificate expires

SSL certificates have an expiry date. Standard certificates are valid for up to 13 months (around 397 days). When a certificate expires, browsers immediately display security warnings to every visitor, regardless of how the site looked the day before. The padlock disappears, the "Not Secure" label appears, and visitors see prominent error pages warning them the site's certificate has expired.

This is a fast way to lose visitor trust and organic traffic. Certificate expiry warnings are also picked up by monitoring tools and can trigger notifications from search console or uptime monitoring services if you have them configured.

The practical solution is the same as with domain expiry. Automate the renewal. Let's Encrypt certificates renew automatically every 90 days if the host has configured the renewal process correctly. Many paid certificate providers offer auto-renewal as well. If you are managing your own certificate, set a calendar reminder well before the expiry date so you have time to renew and reinstall without any gap in coverage.

What is a wildcard SSL certificate?

A standard SSL certificate covers a specific domain and optionally the www version. A wildcard certificate covers the root domain and all of its subdomains at once. A wildcard for yourbrand.com would also cover shop.yourbrand.com, blog.yourbrand.com, app.yourbrand.com, and any other subdomain you create, without needing a separate certificate for each one.

Wildcard certificates are useful for brands running multiple services or sections of a site on different subdomains. The chapter on custom domains vs. subdomains covers when subdomains make sense and how they relate to your main domain, which is the context in which wildcard certificates become relevant.

For a straightforward brand site running on a single domain with a www version, a standard certificate is sufficient. Wildcard is a practical step up when your domain structure involves multiple active subdomains.

How WEMASY handles SSL

WEMASY includes SSL on all sites hosted on the platform. When you connect a domain to your WEMASY site, an SSL certificate is issued and configured automatically. The HTTPS redirect is set up by default, so the domain resolves securely without manual configuration. Certificate renewal is handled on the platform side, so there is no expiry date to track or renewal process to manage.

For domains registered or connected through WEMASY, the certificate covers the domain you have configured. See what is included in each plan at WEMASY pricing.

Frequently asked questions

Does an SSL certificate protect my site from being hacked?

Can I have SSL on one page but not others?

Will my existing links break if I switch from HTTP to HTTPS?

Do I need a separate SSL certificate for each domain extension I own?

What is the difference between SSL and domain privacy protection?

My SSL certificate is showing as valid but visitors still see a security warning. What causes that?

The next chapter covers 301 redirects, including what they are, how they work, and when you need one to move traffic and link value from one URL to another.