HomeKnowledgebase

How to Get a Free SSL Certificate (HTTPS) for Your Site

Back to Knowledgebase
Domains 3 min read 2 views Updated Jun 2026

HTTPS is no longer optional. Browsers mark plain http sites as "Not Secure", and search engines prefer secure ones. The good news: a valid SSL certificate is free, and on most hosting you can enable it in a couple of clicks. Here is how.

What SSL actually does

An SSL/TLS certificate encrypts the connection between your visitor and your server, so passwords, form data and payment details cannot be read in transit. It also shows the padlock and lets your site load over https:// instead of http://. It does not, on its own, make your site impossible to hack; it secures the connection, not the application.

Option A: One-click in your control panel (easiest)

Most modern hosting includes free Let's Encrypt certificates:

  1. Log in to your control panel.
  2. Open the SSL or Let's Encrypt section.
  3. Select your domain and click Issue or Install.
  4. Wait a minute for it to activate.

That is it. Your site now loads over https and the certificate renews itself.

Option B: Let's Encrypt on a VPS with Certbot

If you manage your own server, Certbot issues and renews certificates for free:

sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Certbot edits your web server config and sets up automatic renewal. Use python3-certbot-apache if you run Apache.

Your domain must already point to the server before you can issue a certificate, because the certificate authority verifies that you control the domain. See How to point your domain to Vastrox.

Force https for every visitor

A certificate alone does not redirect http to https. Once SSL works, turn on a redirect so everyone lands on the secure version. Most control panels have a "Force HTTPS" toggle, and on WordPress a small config flag or plugin handles it.

Fixing the "mixed content" warning

If the padlock shows a warning after you enable SSL, the page is loading some resources over http, often hard-coded image or script URLs. Update those links to https or use relative paths. On WordPress, a search-and-replace of http://yourdomain to https://yourdomain in the database clears most of them.

FAQ

Is a free SSL certificate as good as a paid one?

For encryption, yes. Let's Encrypt certificates use the same strong encryption as paid ones. Paid certificates mainly add organization validation and warranties that most sites do not need.

How often do I renew it?

Let's Encrypt certificates last 90 days and renew automatically when set up through a control panel or Certbot, so you should not have to think about it.

Why does my site still say "Not Secure"?

Either the certificate is not installed for that exact domain, the page loads mixed http content, or you are not redirecting to https. Work through those three.

Want it handled for you? Vastrox sites include free auto-renewing SSL. Talk to support if you need a hand enabling it.

Was this guide helpful? Our engineers are here 24/7 if you get stuck.
All guides Contact support