Guides · Security
What is SSL, and why your website needs HTTPS
The padlock, explained — what it does, what happens without it, and how to get one for free.
That little padlock in the address bar is SSL at work. It's the difference between
https:// and plain http://, and between a site visitors trust and one their
browser actively warns them away from. Here's what it actually is, why it's no longer optional, and how
to get it without paying a penny.
What SSL actually does
SSL (now technically TLS, though everyone still says SSL) encrypts the connection between a visitor's browser and your website. Without it, everything sent — passwords, card details, the contents of a contact form — travels in plain text that anyone on the same network can read. With it, that traffic is scrambled so only the two ends can read it. The padlock is the browser's way of saying “this connection is private, and the site is who it claims to be.”
Why you can't skip it any more
- Browsers shame sites without it. Chrome, Safari and Firefox mark plain HTTP pages as “Not secure”, and show a full-page red warning on any page with a login or payment field.
- Google ranks it. HTTPS has been a search ranking signal for years; HTTP sites are quietly disadvantaged.
- Customers notice. Even non-technical visitors have learned to distrust a missing padlock or a security warning — and a warning page is a guaranteed bounce.
- Some features require it. Modern browser capabilities (and many payment and login integrations) simply won't run over plain HTTP.
How to get a certificate — for free
You no longer need to buy an SSL certificate. Let's Encrypt issues them free, and good hosting installs and renews them automatically. The key word is automatically: certificates expire (typically every 90 days), and an expired certificate throws the same scary warning as having none at all. Auto-renewal means it never lapses without you noticing. If your host charges extra for a basic certificate, or makes you reinstall one by hand every few months, that tells you something about the host.
After you switch on HTTPS
Two finishing touches matter. First, force HTTPS so anyone typing the
http:// version is redirected to the secure one (you can generate the rule with our
.htaccess generator).
Second, fix any “mixed content” — images or scripts still loaded over http:// — which can
break the padlock even on an otherwise-secure page.
Check any site in seconds
Our free SSL & uptime checker reads a site's live certificate and tells you who issued it, when it expires, whether browsers trust it, and whether it covers your domain — plus whether the site is online and forcing HTTPS. Every Centaur site includes a free, auto-renewing certificate as standard, so the padlock is simply always there.
Get set up
Centaur does plainly-priced UK hosting and domains, with no lock-in and a real person on support.
More guides
- How to choose a domain name that works
- How much hosting do you actually need?
- Marketplace fees explained: what Amazon, eBay & Etsy really take
- Why your emails go to spam — and how to fix it
- How to price a product so you actually make money
- Wix, Squarespace or your own website? An honest comparison
- What is web hosting? A plain guide for beginners
- .com or .co.uk: which domain should you choose?
- How to move your website to a new host without downtime
- How to get professional email on your own domain
- How to start an online shop: a practical checklist