Chrome has flagged any non-HTTPS site as "Not secure" since 2018, and Google has ranked them lower since 2020. Yet in 2026, 22% of Senegalese business sites still run pure HTTP or with an expired certificate (Kolonell study across 2,800 .sn and .com Senegalese domains). HTTPS is no longer optional — it is the bare minimum to avoid losing 30 to 50% of visitors at the first warning screen.
TL;DR
- Let's Encrypt: free, 90-day validity, automatic renewal
- Sectigo PositiveSSL: 12 EUR/year (XOF 7,900), 1-year validity
- DigiCert Wildcard: 200 EUR/year (XOF 131,000), covers *.example.sn
- EV (Extended Validation): 90 EUR/year, no more green bar in 2026
- Kolonell recommendation: Let's Encrypt for 90% of sites
Why HTTPS is now non-negotiable
Three compounding reasons make missing HTTPS a business own goal:
- Degraded UX: Chrome, Firefox and Safari show "Not secure" in the URL bar
- SEO penalty: Google has used HTTPS as a ranking signal since 2014
- CDP compliance: transmitting personal data in clear violates the security duty under law 2008-12
A 2025 Cloudflare study shows that 73% of users abandon a site flagged "Not secure" before the second page. On mobile that rises to 81%.
Let's Encrypt: the free revolution
Let's Encrypt is a certificate authority founded in 2016 by the Internet Security Research Group (Mozilla, EFF, Cisco, Akamai). It issues free, automatable SSL/TLS certificates valid for 90 days. In 2026, over 350 million active domains use Let's Encrypt — the world's number 1 CA.
Strengths
- Cost: zero EUR/XOF
- Full automation via certbot or acme.sh
- Transparent renewal every 60 days
- Wildcard support (*.example.sn) since 2018
- Trusted by 100% of modern browsers
Limits
- No EV or OV (validated organisation shown in the certificate)
- Short validity (90 days) — automation mandatory
- No financial warranty in case of compromise (vs Sectigo 10,000 USD, DigiCert 1.5M USD)
Paid CAs compared in 2026
| CA | Product | Yearly price | Warranty | Best fit |
|---|---|---|---|---|
| Sectigo | PositiveSSL | 12 EUR | 10,000 USD | Standard SME |
| Sectigo | PositiveSSL Wildcard | 95 EUR | 10,000 USD | Multi-tenant SaaS |
| DigiCert | Secure Site | 350 EUR | 1.5M USD | Bank, fintech |
| GlobalSign | DomainSSL | 25 EUR | 10,000 USD | Premium e-commerce |
| GoDaddy | Standard SSL | 50 EUR | 100,000 USD | Mid-tier sites |
| Let's Encrypt | DV | 0 EUR | None | Anything but a bank |
Step-by-step nginx deployment
For a Next.js site served by nginx on a Hetzner or Galsen VPS:
- Install certbot: sudo apt install certbot python3-certbot-nginx
- Generate certificate: sudo certbot --nginx -d example.sn -d www.example.sn
- Check renewal: sudo certbot renew --dry-run
- Enable HSTS: add add_header Strict-Transport-Security "max-age=31536000" in nginx
- Force HTTPS redirect: certbot sets this automatically with --redirect
Recommended nginx configuration
HTTPS server block with modern ciphers, OCSP stapling, HSTS and HTTP/2 enabled. The certbot-generated config scores A+ on SSL Labs without changes.
Need a professional website?
Kolonell builds websites that attract clients, optimized for the Sénégalese market. Free quote in 2 minutes.
Wildcard and multi-domain
For a SaaS serving customer subdomains (acme.kolonell.com, beta.kolonell.com, etc.), you need a wildcard or multi-SAN certificate.
| Option | Cost | Coverage | Limit |
|---|---|---|---|
| Let's Encrypt wildcard | 0 EUR | *.kolonell.com | DNS-01 challenge required |
| Sectigo Wildcard | 95 EUR/year | *.kolonell.com | 1 subdomain level |
| DigiCert Multi-SAN | 400 EUR/year | 250 distinct domains | Heavy configuration |
| Let's Encrypt SAN | 0 EUR | 100 domains | 50/week rate limit |
For Kolonell, the Let's Encrypt wildcard combo via DNS-01 on Cloudflare API is free and covers every SaaS need with no practical limit.
Apache: alternative deployment
For Galsen Hosting which historically runs Apache:
- Enable mod_ssl: sudo a2enmod ssl
- Install certbot Apache: sudo apt install python3-certbot-apache
- Generate certificate: sudo certbot --apache -d example.sn
- Check SSL VirtualHost: /etc/apache2/sites-available/example-ssl.conf
- Test reload: sudo apachectl configtest && sudo systemctl reload apache2
FAQ
Q: Why is my host selling SSL at XOF 30,000/year?
A: Pure margin — they resell Sectigo (~XOF 7,900 cost) or install Let's Encrypt and bill the install. Ask for Let's Encrypt explicitly, it is technically identical in 95% of cases.
Q: Does Let's Encrypt work on shared hosting?
A: Yes if the host integrates it (Galsen Hosting, o2switch, OVH). Otherwise AutoSSL via cPanel is also Let's Encrypt under the hood.
Q: Do I need an EV certificate to reassure customers?
A: Not in 2026. Chrome, Firefox and Safari removed the EV-specific display in 2019-2020. Let's Encrypt and EV look identical in the URL bar.
Q: What if the certificate expires mid-sale?
A: Set up an UptimeRobot or Better Stack alert that pings the certificate 7 days before expiry. For Let's Encrypt, certbot renew runs as a systemd cron and renews automatically.
Conclusion
In 2026, paying for SSL on a standard site is money lost. Let's Encrypt covers 95% of Senegalese SME needs with industrial reliability. The remaining cases (regulated banks, fintechs) still warrant DigiCert or Sectigo for the financial warranty. Kolonell deploys HTTPS by default on 100% of shipped sites. Request a free audit or message WhatsApp +221 77 596 93 33.
Mohamed Bah
Fondateur, Kolonell
Passionate about digital and entrepreneurship in Africa, Mohamed has been helping Sénégalese businesses with their digital transformation since 2020. Founder of Kolonell, he believes every SME deserves a professional and accessible online présence.
