SSL Certificates — Let's Encrypt Free vs Premium

<h2>What does SSL do?</h2><p>Encrypts traffic between the browser and server. Ensures the lock icon in the address bar and prevents browsers from displaying 'Not secure' warnings.</p><h2>3 types</h2><table><tr><th>Type</th><th>Validation</th><th>Price</th><th>When?</th></tr><tr><td><strong>DV (Let's Encrypt)</strong></td><td>Domain ownership check (DNS or HTTP)</td><td>Free</td><td>95% of customers — sufficient</td></tr><tr><td><strong>OV (Organization Validation)</strong></td><td>+ Chamber of Commerce + phone verification</td><td>€80/year</td><td>Companies that want to see 'Company Name' in the certificate</td></tr><tr><td><strong>EV (Extended)</strong></td><td>+ extensive business due diligence</td><td>€250/year</td><td>Banks, payment processors. Otherwise pointless since Chrome removed the green bar (2019)</td></tr></table><h3>When Wildcard?</h3><p>A wildcard certificate (*.yourdomain.nl) automatically covers all subdomains. Standard with IT Live if you have 3+ subdomains (api., shop., account., admin.). No extra costs — we handle DNS validation via Cloudflare API.</p><h3>Auto-renewal</h3><p>Let's Encrypt certificates are valid for 90 days. Our cron renews them every 60 days automatically. No action needed. You'll receive an email if renewal fails (rare, usually a DNS issue with another provider).</p><h3>HSTS — extra security</h3><p>We set the HSTS header automatically (browser remembers 'always HTTPS' for 1 year). For extra security, we can also request HSTS preloading — domain included in browser source code. Request via ticket, costs €25 one-time (manual submission).</p>