Why HTTPS is no longer optional in Senegal
In 2026, an e-commerce website without an SSL certificate is a dead e-commerce website. Chrome, Safari and Firefox display a big "Not secure" next to your URL the moment a visitor types their Wave or Orange Money number. The result: guaranteed cart abandonment.
In Dakar, I still see online stores running on plain HTTP. It is like opening a jewelry shop in Sandaga with no door — you are inviting thieves in.
What SSL actually protects
- Customer data: names, phone numbers, addresses, Wave numbers
- Admin and user passwords
- Session cookies — without SSL, an attacker on the same Sonatel Wi-Fi can steal them
- Your reputation — a customer who sees "Not secure" will never come back
Legal and business obligations
What the CDP (Senegal's Data Protection Commission) says
Law 2008-12 on personal data protection requires technical security measures. A site that collects email and phone number without encryption is in violation. Fines can reach 100 million FCFA for major breaches.
What payment processors require
- Wave Business API: HTTPS mandatory on webhooks
- Orange Money API: HTTP callbacks rejected in production
- Stripe / PayDunya / CinetPay: no partnership without a valid SSL
No HTTPS = no online payments. Full stop.
How to install SSL properly
Need a professional website?
Kolonell builds websites that attract clients, optimized for the Sénégalese market. Free quote in 2 minutes.
Option 1: Let's Encrypt (free, recommended)
- Free certificate, auto-renewed every 90 days
- Compatible with Vercel, Netlify, OVH, AWS, Hostinger
- On Vercel and Netlify, it is enabled by default — nothing to configure
Option 2: Paid SSL (EV / Wildcard)
- EV SSL (~300,000 FCFA/year): green bar in the browser, useful for banks and large brands
- Wildcard (~150,000 FCFA/year): covers all subdomains (*.kolonell.com)
- For a Dakar-based SME, Let's Encrypt is enough in 95% of cases
The mistakes I see every week
- Mixed content: site is on HTTPS but loads images over HTTP — the padlock disappears
- Forgotten 301 redirect from HTTP to HTTPS — Google indexes two versions
- Expired certificate not renewed — site becomes unreachable in 10 minutes
- Poorly configured HSTS — blocks older mobile browsers from loading the site
The Kolonell SSL checklist
- Active Let's Encrypt or paid certificate
- 301 redirect HTTP → HTTPS on all pages
- HSTS header enabled (max-age=31536000)
- No mixed content (use *Mixed Content Checker*)
- A or A+ rating on SSL Labs (ssllabs.com/ssltest)
- Auto-renewal tested
Move to HTTPS before you lose another customer
At Kolonell, every e-commerce site we ship is HTTPS-native, with Wave and Orange Money integrated and an A+ SSL Labs score from day one. If your store still runs on HTTP or shows mixed-content errors, we fix it within 48 hours.
Request a free quote or message me directly on WhatsApp +221 77 596 93 33. We secure your store this week.
Mohamed Ba
Fondateur, Kolonell
Passionate about digital and entrepreneurship in Africa, Mohamed has been helping Sénégalese businesses with their digital transformation since 2020. Founder of Kolonell, he believes every SME deserves a professional and accessible online présence.