SSL/HTTPS: non-negotiable in 2026, and free is enough in 95% of cases
Since 2018, Chrome flags HTTP sites as "Not secure". Since 2024, Google confirmed HTTPS as a direct ranking signal. In 2026, a site without a valid SSL certificate is no longer viable — not for SEO, not for user trust, not for online payments (Wave, Stripe, Orange Money refuse non-HTTPS endpoints).
The good news: Let's Encrypt, free and automatic since 2016, is enough for 95% of sites. Paid certificates only make sense in specific cases (banking OV/EV, multi-domain wildcards in large companies, contractual SLAs).
The 3 SSL certificate types
DV (Domain Validation) — most common, free or paid
- Validation: proof you control the domain (DNS TXT or HTTP file)
- Issued in: 1-10 minutes
- Browser display: standard padlock
- Use case: 95% of sites — showcases, blogs, SME e-commerce
- Price: free (Let's Encrypt, ZeroSSL, Cloudflare Origin) or 6,000-25,000 FCFA/year (Sectigo, RapidSSL, Namecheap PositiveSSL)
OV (Organization Validation) — verifies the company
- Validation: DV + business registry and company identity check (3-7 days)
- Browser display: padlock + company name visible on click
- Use case: corporate companies, institutional sites, premium B2B
- Price: 30,000-90,000 FCFA/year at Sectigo, DigiCert, GlobalSign
EV (Extended Validation) — reinforced verification
- Validation: OV + reinforced procedure (5-10 days, legal audit)
- Browser display: since 2019, Chrome and Firefox no longer show the distinctive green bar — EV lost its visual edge
- Use case: banks, insurance, high-volume payments, e-commerce >50M FCFA/month
- Price: 100,000-400,000 FCFA/year at DigiCert, GlobalSign, Sectigo
Wildcard and multi-domain
- Wildcard: covers
*.yourdomain.com(all subdomains). Free at Let's Encrypt (DNS challenge), 30,000-80,000 FCFA/year at Sectigo, 60,000-150,000 FCFA/year at DigiCert. - SAN/Multi-domain: covers several distinct domains (mydomain.com + myotherdomain.sn). Useful for groups, multiple brands.
Let's Encrypt — the free one that covers 95% of cases
How it works
- Launched in 2016 by ISRG (Internet Security Research Group)
- 100% free, unlimited number of certificates
- DV validation only (sufficient for most cases)
- Auto-renewal every 90 days via ACME (certbot, acme.sh, Caddy, Traefik)
Installation
- Cloudflare: SSL/TLS → free Universal SSL auto, 0 config
- Hostinger / OVH / SiteGround / Cloudways: "Let's Encrypt" button in panel, 1 click
- Linux VPS:
certbot --nginx -d yourdomain.comorcaddy run(auto) - WordPress: Really Simple SSL plugin or via host
Limits
- No OV nor EV
- No financial warranty (most paid certificates offer one, generally illusory in practice)
- Mandatory renewal every 90 days (but auto-renewable, so transparent)
Paid certificates — when are they justified
Sectigo (ex-Comodo) — cheap paid
- DV PositiveSSL: 6,000-12,000 FCFA/year
- OV InstantSSL: 30,000-60,000 FCFA/year
- Wildcard PositiveSSL: 50,000-90,000 FCFA/year
- Often bundled free in host cPanel packs
DigiCert — premium reference
- OV: 90,000-150,000 FCFA/year
- EV: 200,000-400,000 FCFA/year
- Top reputation, 1-2M USD financial warranty, 24/7 support
- De facto standard for banks and institutions
GlobalSign — credible alternative to DigiCert
- OV: 80,000-130,000 FCFA/year
- EV: 180,000-350,000 FCFA/year
- Good for European and African enterprises
Cases justifying paid
- Bank or insurance: EV to reassure customers + contractual warranty
- Public tender or large account: spec requiring OV/EV
- PCI-DSS level 1 audit: OV certificate often required
- Complex multi-site setups: paid wildcard if DNS management outside Cloudflare is hard
For 95% of sites — SME showcases, blogs, standard Senegalese e-commerce — Let's Encrypt is more than enough.
SSL comparison table 2026
Need a professional website?
Kolonell builds websites that attract clients, optimized for the Sénégalese market. Free quote in 2 minutes.
| Type | Provider | Price FCFA/year | Validation | Use case |
|---|---|---|---|---|
| DV | Let's Encrypt | 0 | Automatic | 95% of sites |
| DV | ZeroSSL | 0 | Automatic | Alternative to LE |
| DV | Cloudflare Universal SSL | 0 | Automatic | Sites behind Cloudflare |
| DV | Sectigo PositiveSSL | 6-12,000 | Automatic | Brand marketing |
| OV | Sectigo InstantSSL | 30-60,000 | 3-7 days | Basic corporate |
| OV | DigiCert | 90-150,000 | 5-7 days | Premium corporate |
| EV | DigiCert | 200-400,000 | 7-10 days | Bank, insurance |
| Wildcard DV | Let's Encrypt | 0 | DNS challenge | Multi-subdomain |
| Wildcard OV | Sectigo | 50-90,000 | 5-7 days | Corporate multi-subdomain |
Installation: 3 paths
Path 1 — Cloudflare Universal SSL (default recommendation)
- Point DNS to Cloudflare (nameservers or CNAME)
- SSL/TLS → "Full (strict)" or "Flexible" mode depending on origin
- Universal SSL enabled automatically, 0 config
- Free Cloudflare Origin Certificate for the origin server (15 years)
Path 2 — Host (Hostinger, OVH, SiteGround, Cloudways)
- Host panel → SSL → Let's Encrypt → enable
- 1-5 minutes, auto-renewal handled
- Verify the site loads on HTTPS, configure 301 HTTP→HTTPS redirect
Path 3 — Manual Linux VPS (NGINX/Apache + certbot)
`bash
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
sudo systemctl enable certbot.timer
`
Auto-renewal via cron or systemd timer. Caddy does everything in one line caddy run.
SEO and trust impact
- SEO: Google confirmed HTTPS as a direct ranking signal since 2014, reinforced since 2024. An HTTP site is penalized.
- Browsing: Chrome flags any HTTP as "Not secure", Firefox shows a crossed-out padlock. Bounce rate +30 to +60%.
- Conversion: payment funnels and forms without HTTPS = mass abandonment. Wave, Stripe, Orange Money refuse non-HTTPS endpoints.
- Cookies: since 2024, cookies without
SecureandSameSiteare rejected cross-site on HTTP.
At Kolonell, SSL is configured automatically on 100% of sites we deliver (Cloudflare Universal SSL or Let's Encrypt depending on stack), with 301 HTTP→HTTPS redirect and HSTS headers.
FAQ
Is Let's Encrypt really free and reliable?
Yes, 100% free, reliable, used by more than 400 million sites worldwide in 2026 (Wikipedia, GitHub, Meta, many Fortune 500). No technical reason to pay for a DV in 2026 except specific regulatory cases.
What is the difference between DV, OV and EV?
DV only verifies you control the domain (5 min). OV additionally verifies the company's legal identity (3-7 days). EV adds reinforced procedure (5-10 days, legal audit). Since 2019, Chrome and Firefox no longer visually differentiate DV from EV — EV lost its commercial appeal.
My site works in HTTP, why move to HTTPS?
1) Google SEO penalizes HTTP, 2) Chrome shows "Not secure" and scares 30-60% of visitors away, 3) all online payments require HTTPS, 4) modern cookies no longer work cross-site on HTTP. Migration: 1-3 h for a standard WordPress site.
How do I verify my SSL certificate is properly installed?
Tools: ssllabs.com/ssltest (A to F rating), curl -I https://yourdomain.com, browser padlock → "Valid certificate". If B or C grade, tune ciphers and enable HSTS.
Is wildcard SSL free at Let's Encrypt?
Yes, since 2018 Let's Encrypt issues wildcards via DNS challenge (TXT record). Setup is more technical (acme.sh + DNS plugin) but 100% free. Otherwise, separate certificates per subdomain, also free.
Let's talk SSL
Want to audit your current SSL certificate or migrate your site to HTTPS cleanly? WhatsApp +221 77 596 93 33.
Mohamed Bah
Fondateur, Kolonell
Passionate about digital and entrepreneurship in Africa, Mohamed has been helping Sénégalese businesses with their digital transformation since 2020. Founder of Kolonell, he believes every SME deserves a professional and accessible online présence.
