Website security

SSL certificates explained: why HTTPS matters for SEO and trust

What SSL/TLS is, why search engines and browsers flag sites without it, and exactly how to get a free certificate set up this afternoon.

Harry Sola · April 4, 2026

If your URL bar shows “Not Secure” next to your domain, the explanation is simple: you do not have an SSL/TLS certificate, and the browser is warning visitors. Here’s everything you need to know.

What SSL/TLS actually does

SSL (now technically TLS — Transport Layer Security) encrypts traffic between a visitor’s browser and your web server. Without it:

  • Anyone on the same Wi-Fi can see exactly what your visitor is typing
  • Browsers display a “Not Secure” warning
  • Forms, especially payment and contact forms, will be flagged or refused
  • Search engines downrank you

Why this matters for SEO

Google has confirmed HTTPS as a ranking signal since 2014. The signal is small relative to content quality, but it compounds — sites without HTTPS lose out on both rankings AND click-throughs (because the warning suppresses clicks).

In addition, AI search engines like Perplexity, ChatGPT, and Google AI Overviews preferentially cite pages on HTTPS sites. Sites without HTTPS are silently filtered out of AI-search responses in many cases.

Why it matters for trust

Imagine a prospect reaches your contact form. They see “Not Secure” in their browser. They have two interpretations:

  1. “This business is not careful with technology.”
  2. “I should not enter my phone number here.”

Either kills the lead.

How to fix it — for free

You have three good options:

1. Let’s Encrypt (free, automatic). If you self-host on a Linux box, the certbot tool installs a Let’s Encrypt cert in five minutes. Renews automatically every 90 days.

2. AWS Certificate Manager (free, automatic) + CloudFront. If you host static files on S3 + CloudFront (which is what we recommend for marketing sites), ACM issues and renews the cert for you. Validation is via DNS — usually done in under an hour.

3. Your hosting provider. Most modern managed hosts (Vercel, Netlify, Cloudflare Pages, Squarespace, Wix) include SSL automatically. If yours does not — that is a sign you should change hosts.

What to check after install

Three quick verifications:

  • Browser: load https://yourdomain.com and confirm the padlock icon
  • SSL Labs: https://www.ssllabs.com/ssltest/ — should report at least an “A” grade
  • 301 redirects: loading http://yourdomain.com should redirect to https://. If it does not, search engines and visitors can land on the insecure version

Common mistakes

  • Mixed content. Your page loads over HTTPS but pulls in scripts/images over HTTP. Browsers block these. Fix: change all asset URLs to HTTPS or protocol-relative.
  • Cert expired. Forgetting to renew. Modern setups auto-renew, but legacy installs need a calendar reminder.
  • Wrong domain on cert. The cert covers example.com but the visitor lands on www.example.com. Issue a wildcard cert or include both names.

If you don’t already have HTTPS in place — or if your cert is about to expire — run our free audit and we will tell you exactly which fix applies to your stack.

See exactly what is hurting your site — for free.

Run our free audit. PDF in your inbox in five minutes. No card. No spam.

Run my free audit Book a 20-min call