Scale your agency & find long-term success with our Agency Partners Program!

Learn more
Menu 

Can I use Simple SSL for an eCommerce site?

Updated on April 30th, 2020

Simple SSL provides you with a domain validated SSL certificate issued through Let’s Encrypt™. If you’re wondering whether the level of security and encryption provided by a Simple SSL certificate is sufficient for an eCommerce site: the short answer is, “Yes.”

The long answer, however, is slightly more nuanced.

While the level of encryption that a domain validated SSL certificate offers is sufficient for just about any application, any time that you plan on handling sensitive user information such as credit card or bank account information on your website, it’s advisable to instead purchase an OV (Organization Validated) or, even better, an EV (Extended Validation) SSL certificate from a third-party provider rather than use a domain validated certificate.

There are two reasons for this recommendation:

First, Let’s Encrypt™ certificates do not carry any warranty or guarantees. Generally, OV and EV certificates purchased from third-party providers come with an extensive warranty and often even insurance in the unlikely event that anything goes wrong with the certificate.

Second, OV and EV certs carry a higher level of trust. Since anybody can get a domain validated certificate, these certs don’t do much to prevent spoofing. While they do encrypt user data, they don’t guarantee your users anything about the authenticity of your site or organization.

By contrast, OV and EV certs require much more than just a domain to obtain. There’s actually a strict vetting process that goes along with purchasing these certificates. Your site’s users can put a higher level of trust in your site knowing that it has one of these certificates. This is particularly true of an EV certificate, as it will have the green organization bar in the browser in addition to the standard padlock, such as on Target’s eCommerce site:

evcert

Again, just to reiterate: the level of encryption in a domain validated Simple SSL certificate itself is sufficient. Strictly speaking, you don’t need more than a regular domain validated certificate. There are many eCommerce sites that use them. But running a site that handles extremely sensitive user information isn’t a responsibility to take lightly, which is why we recommend the extra layer of security provided with an OV or, ideally, an EV cert whenever possible.

Was this article helpful?

Getting Started

New to Flywheel? Start here, we've got all the information you'll need to get started and launch your first site!

View all

Account Management

Learn all about managing your Flywheel user account, Teams and integrations.

View all

Billing

Everything about billing, invoices and payments can be found here.

View all

Features

Flywheel hosting plans include a ton of great features. Learn about how to get a free SSL certificate, set up a staging site, and more!

View all

Platform Info

All the server and setting info you'll need to help you get the most out of your Flywheel hosting plan!

View all

Site Management

Tips and tricks for managing your sites on Flywheel, including going live, troubleshooting issues and migrating or cloning sites.

View all

Flywheel help

Help is just a click away! Log into the Flywheel dashboard to instantly chat with an expert, open a ticket, or follow along with in-depth documentation. We happily offer support 24 hours a day, 7 days a week, 365 days a year!

Log in

Try Flywheel today

Launch your next WordPress site in minutes.

 Free migrations  24/7/365 support  14‑day demo sites