SSL/TLS

SSL/TLS is a security technology that encrypts the connection between your website and its visitors, so that the data sent cannot be read by third parties.

The easiest sign to recognize: the website URL starts with https:// and there is a lock icon (🔒) in the browser.

Simple analogy

Imagine you are sending a letter containing important information. Without SSL, the letter was sent open — anyone who found it on the street could read it. With SSL, the letter is put into a locked safe that only the sender and recipient can open.

The same thing happens every time a visitor fills out a form, logs in, or enters a credit card number on your website.

SSL and TLS — What's the Difference?

Technically, TLS (Transport Layer Security) is a newer and more secure version of SSL (Secure Sockets Layer). SSL itself has not been used for a long time.

But because the term "SSL" has already become popular, almost everyone — including hosting providers — still calls it SSL even though what is actually running behind the scenes is TLS.

So if you see the words "Free SSL" on the hosting package page, it means the latest version of TLS. No need to be confused.

How It Works (Simplified Version)

Every time a visitor opens your website, a "handshake" occurs between the browser and the server in a fraction of a second:

1. The browser requests the server identity 2. The server sends SSL certificate as "digital KTP"
2. The browser verifies whether the certificate is valid and trusted
3. The encrypted connection is initiated

All of this process is automatic — visitors don't feel it at all.

Why is this important for your website?

1. Visitor trust Browsers such as Chrome will display a "Not Secure" warning on websites without SSL. For ordinary visitors, the warning is enough to make them immediately close the tab.

2. Mandatory for online transactions If your website accepts payments, collects user data, or has a login form — SSL is not optional, it is mandatory.

3. Impact on SEO Google officially makes HTTPS a ranking signal. Websites without SSL are at a more disadvantageous position than competitors who already use HTTPS.

Types of SSL Certificates

For most small-medium business websites in Indonesia, free DV SSL from Let's Encrypt is more than enough.

Free vs Paid SSL — Need an Upgrade?

Almost all hosts now include Let's Encrypt for free. This certificate is valid, trusted, and used by hundreds of millions of websites in the world.

You should consider paid SSL only if:

• You need Wildcard SSL and your hosting doesn't provide it for free
• Your website is a large-scale e-commerce that requires OV/EV for regulatory or enterprise trust reasons

For blogs, landing pages, or company profile websites — Let's Encrypt is enough.

What You Need to Pay Attention to

• Check expiration date — SSL certificates are valid from 90 days (Let's Encrypt) to 1 year. Good hosting updates this automatically. Make sure the auto-renewal feature is active.
• Mixed content — Websites can still display "Not Secure" even though SSL is installed, if there are elements (images, scripts) that are still loaded via http://. This needs to be checked and corrected.
• Redirect HTTP to HTTPS — Ensure that visitors accessing http:// are automatically redirected to https://. In WordPress, it can be managed via a plugin or .htaccess file.

FAQs

Does SSL slow down a website? Previously yes, but now it's not significant. The latest version of TLS is actually faster than the old version, and the impact on loading speed is almost unnoticeable.

How ​​do I install SSL in cPanel? Go to cPanel → look for the SSL/TLS or Let's Encrypt SSL menu → select the domain → click Issue. The process is usually completed within a few minutes.

SSL is active but "Not Secure" still appears — why? Most likely you are experiencing mixed content. Check with tools like WhyNoPadlock.com to find the remaining http:// elements.