SSL/TLS Basics Every Site Owner Should Know
Every modern website needs HTTPS, but the terminology around it confuses a lot of site owners. Here is a plain-English breakdown.
SSL vs TLS — what is the difference?
SSL (Secure Sockets Layer) is the original protocol, introduced in the 1990s. It has been deprecated since 2015 due to known vulnerabilities. TLS (Transport Layer Security) is its successor — TLS 1.2 and TLS 1.3 are what actually encrypt your traffic today.
The padlock you see in the browser address bar represents a valid TLS certificate, not SSL. The industry still calls it “SSL” colloquially, but the underlying protocol is TLS.
What does a certificate actually do?
A TLS certificate does two things:
- Encryption — scrambles data in transit so an attacker intercepting the connection cannot read it.
- Authentication — proves the server you connected to is actually the server it claims to be (via a trusted Certificate Authority signature).
Without HTTPS, passwords, form submissions, and session cookies travel as plain text.
Let’s Encrypt and automatic renewal
HOSTEMCLOUD provisions Let’s Encrypt certificates automatically for every domain pointed to your account. Let’s Encrypt certificates are valid for 90 days. The server renews them at day 60, so you should never see an expiry warning.
If you bring your own certificate (DV, OV, or EV), you can install it via the cPanel SSL/TLS manager. Renewal reminders are sent to your account email 30 days before expiry.
TLS 1.3 — why it matters
All HOSTEMCLOUD servers negotiate TLS 1.3 when the client supports it. TLS 1.3 cuts the handshake from two round-trips (TLS 1.2) to one, which reduces connection setup time by roughly 100ms on typical latency. It also removes cipher suites that have known weaknesses, so older attack vectors (POODLE, BEAST) do not apply.
Quick checklist
- HTTPS is forced (HTTP redirects to HTTPS) — toggle in cPanel → Domains → Force HTTPS
- Your certificate covers both
yourdomain.comandwww.yourdomain.com - No mixed-content warnings in the browser console
- HSTS header is set (available via
.htaccessor cPanel → Security headers)