SSL Certificates Explained for Non-Technical Business Owners

If you own a small business with a website, you've heard the term "SSL certificate" — probably from your web developer, your hosting provider, or a salesperson trying to sell you one. Here's what it actually means, in plain English, without the technical jargon.

Start Here: The Padlock

You've seen the small padlock icon in your browser's address bar when you visit websites. That padlock is the visible sign that a website has an SSL certificate installed and working correctly.

When the padlock is present, two things are true:

1. The website you're connected to is who it claims to be
2. The information you send to that website is scrambled in a way that only that website can read

When the padlock is missing — and the browser shows "Not Secure" instead — neither of those things is guaranteed.

That's SSL. It's a lock on the connection between your customer's browser and your website.

Why Does Your Business Need One?

Your customers expect it. Surveys consistently show the large majority of online shoppers won't enter their details on a website that isn't secure. Even if your website isn't an online store, customers entering their name and email address into a contact form are looking for that padlock.

Google requires it. Google Chrome (which most Australians use) marks HTTP websites as "Not Secure" in the address bar. Google's search algorithm also gives preference to HTTPS websites in search rankings. A website without SSL is penalised twice — once in trust and once in visibility.

Your hosting provider probably includes it. Most Australian web hosts — Crazy Domains, SiteGround, WP Engine, and others — include a free SSL certificate with their hosting plans. You may already have one and not know it.

It's legally relevant. If you collect any personal information from customers — even just email addresses — you have obligations under the Privacy Act 1988. Transmitting that data in an unencrypted form over the internet is an unnecessary risk that privacy regulators take seriously.

What Does an SSL Certificate Actually Contain?

An SSL certificate is a small digital file that contains:

• Your domain name (e.g., mybusiness.com.au)
• Your organisation's details (for premium certificates)
• The certificate's expiry date
• The digital signature of the company that issued it (the Certificate Authority)
• A public key used for the encryption

When someone visits your website, their browser reads this file and checks it against a list of trusted authorities. If it checks out, the connection is secured and the padlock appears.

The Three Types of SSL Certificates

Free DV (Domain Validated) The most common type. Proves you control the domain. Let's Encrypt issues these free of charge. Your hosting provider almost certainly uses these. They're trusted by all browsers and provide the same encryption strength as expensive alternatives.

For most Australian small businesses, this is the right choice.

Paid OV (Organisation Validated) The Certificate Authority verifies your business exists (ABN, business registration). Takes 1–3 days. Shows your company name in the certificate details.

Useful if your business depends on high customer trust — legal firms, financial advisers, healthcare providers.

Paid EV (Extended Validation) The strictest verification. Previously showed a green address bar in browsers (that feature was removed in 2019). Now mainly purchased for compliance reasons.

Generally not necessary for small businesses.

How Long Does an SSL Certificate Last?

SSL certificate validity periods are being progressively shortened by industry policy (the CA/Browser Forum voted in March 2025 to reduce maximum validity). As of 2026, certificates are valid for up to approximately 200 days, with further reductions planned in coming years. Certificates from Let's Encrypt (the free option used by most hosts) last 90 days and are automatically renewed.

The automatic renewal is where problems happen. Automatic renewals rely on:

• Your web server being configured correctly
• Your hosting account being active and paid
• No DNS changes that break the renewal process
• Your hosting provider's renewal service working without errors

When any of those fail, the renewal doesn't happen. The certificate expires. Your website starts showing security warnings to every visitor.

What Happens When It Expires

The moment your certificate expires:

• Every browser immediately shows a full-page security warning
• Visitors can't access your site without clicking through the warning (most won't)
• Google may flag your site as dangerous
• Your contact forms and checkout stop working properly
• You lose customer trust — even after you fix it

Fixing an expired certificate is usually straightforward (it takes an hour in most cases), but the damage during that window is real.

What You Should Ask Your Web Developer

If you don't manage your own website:

1. "Do we have an SSL certificate?" — Look for the padlock on your site.
2. "When does it expire?" — Ask your developer or log into your hosting control panel.
3. "Is auto-renewal set up?" — Most hosts handle this, but it's worth confirming.
4. "Who gets notified if it fails?" — The notification should go to someone who will act on it, not just a billing email.

The Simplest Protection

The simplest thing you can do to ensure your SSL certificate never lapses is to set up automated monitoring. A tool like CertGuard checks your certificate every 6 hours and sends you an email if it's about to expire — giving you 30 days' warning before anything affects your visitors.

It takes 2 minutes to set up, covers up to 3 domains for free, and means you don't have to rely on your developer remembering to check.

Start protecting your website in 2 minutes — no credit card required.