SSL Certificates Explained: Types, Installation and Troubleshooting
SSL/TLS certificates enable encrypted communication between browser and server, which browsers indicate with the padlock icon. Beyond encryption, they authenticate identity and are a Google ranking factor.
What Is SSL?
An SSL certificate is a digital document that binds a cryptographic key to a domain. During the TLS handshake, the browser verifies that the certificate was issued by a trusted CA, has not expired, and matches the domain, then establishes encryption. Without a certificate, browsers show "Not secure" warnings and restrict features (geolocation, cameras, service workers) to HTTPS only.
DV, OV, EV Types
DV (Domain Validation): Verifies domain control only. Minutes to issue, fully automatable. Same encryption as OV/EV. Perfect for most sites. Let's Encrypt issues free DV certs.
OV (Organization Validation): Verifies business legitimacy (1-3 days). Organization name in cert details. Good for business sites.
EV (Extended Validation): Most rigorous verification (1-2 weeks). Used by banks, governments. Browsers removed the green bar distinction but EV still provides highest identity assurance.
Let's Encrypt
Free, automated, open CA trusted by all browsers. Setup: sudo certbot --nginx handles validation, installation, and auto-renewal. Certificates expire every 90 days (designed for automation) — Certbot's cron/systemd timer handles renewal automatically.
Mixed Content
HTTPS page loading HTTP resources. Browsers block active mixed content (scripts) and warn on passive (images). Fix: use HTTPS or protocol-relative URLs, update database records, configure CDN for HTTPS, use Content-Security-Policy headers.
Renewal
Let's Encrypt: 90-day expiry, auto-renewed by Certbot. Commercial: 1-year max since 2020. Set alerts at 30 and 7 days. An expired cert effectively takes your site offline.
Key Takeaways
- SSL/TLS mandatory — browsers penalize HTTP
- Free DV certs provide the same encryption as paid EV
- Let's Encrypt + Certbot = free automated management
- Fix mixed content to avoid breaking HTTPS
- Automate renewal to prevent outages
Frequently Asked Questions
SSL vs TLS?
SSL is the deprecated predecessor; TLS is the current protocol. "SSL certificate" is a term used out of habit; the certificate is actually used with TLS. All SSL versions have known vulnerabilities.
Do I need to pay?
No. Let's Encrypt provides free DV certificates trusted by all browsers, with the same encryption as paid certs. Paid OV/EV certs add identity verification.
How often do I need to renew?
Let's Encrypt: every 90 days (auto-renewed). Commercial: up to 1 year. Automation via Certbot is strongly recommended.
Why "Not Secure" with an SSL cert?
Common causes: mixed content (HTTP resources on HTTPS page), expired cert, domain mismatch, or missing intermediate certificates. Use an SSL checker to diagnose.