SSL Certificate: Free or Paid?
A business domain without HTTPS gets rejected by modern browsers. Pick the right SSL cert.
Let's Encrypt (Free, Recommended)
- Issuer: Internet Security Research Group (ISRG)
- Validity: 90 days (auto-renew via certbot)
- Type: DV (Domain Validation)
- Cost: FREE
Pros:
- 100% free
- Trusted by all modern browsers
- Mature auto-renewal (certbot, acme.sh)
- Wildcard support (*.domain.com)
Cons:
- DV only: no brand badge in the address bar (modern browsers don't show anyone's identity there)
- Renewal every 90 days (if auto-renew fails, downtime)
Use Case:
- 95% of online businesses
- Personal sites
- Side projects
- Unlimited subdomains
Cloudflare Universal SSL (Free)
- Type: DV via CF
- Auto-renew: handled by CF
- Catch: the domain must use CF DNS (free plan is OK)
Pros: zero config, instant
Cons: only works if the domain is already on CF
Paid SSL (DigiCert, Sectigo, GeoTrust)
OV (Organization Validation) — $50-200/year
- Verifies the company (not just the domain)
- The brand appears in the cert details (browsers don't show it by default, but it is visible if you click the padlock)
- Use case: B2B businesses, banks, fintech, large e-commerce
EV (Extended Validation) — $200-500/year
- Strictest verification (legal entity, physical address, operational history)
- Used to trigger the green address bar; it no longer does (browsers removed it in 2019-2020)
- Use case: banks, payment gateways, BUMN (Indonesian state-owned enterprises)
Wildcard vs Multi-Domain
- Wildcard *.domain.com: covers unlimited subdomains (mail.domain.com, shop.domain.com, etc.)
- Multi-domain (SAN): covers multiple domains in 1 cert (domain.com + domain.id + domain.xyz)
- Pricing: a paid wildcard is usually $50-200, or free with Let's Encrypt
Setup Let's Encrypt (Recommended Default)
# Ubuntu/Debian
sudo apt install certbot python3-certbot-nginx
sudo certbot --nginx -d domain.com -d www.domain.com
# Auto-renew via the systemd timer that ships with certbot
sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer
# Test renew
sudo certbot renew --dry-run
Common Mistakes
- Forgetting to renew: your site suddenly shows an unsafe warning. Set up expiry monitoring (e.g. via Nawala Deep Check)
- Hostname mismatch: the cert covers only www.domain.com but the user visits domain.com → error
- Mixed content: an HTTPS page loads an HTTP resource → the browser blocks it
- HSTS misconfig: when the cert has an issue, you lock out returning users
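The first two mistakes above (missed renewal, hostname mismatch) can be caught before users see a warning. The following is an added example, not code from the original article: it audits a certificate in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The function names, the 21-day threshold and the sample certificate are assumptions constructed for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

def hostname_covered(hostname, san_names):
    """True if a SAN entry covers hostname; '*' stands for exactly one leftmost label."""
    host = hostname.lower().rstrip(".").split(".")
    for name in san_names:
        pat = name.lower().rstrip(".").split(".")
        if len(pat) == len(host) and pat[1:] == host[1:] and pat[0] in ("*", host[0]):
            return True
    return False

def days_left(cert, now):
    """Whole days until notAfter; cert is a dict shaped like getpeercert() output."""
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now.timestamp()) // 86400)

def audit(cert, hostnames, now, warn_days=21):
    """Return a list of findings; an empty list means nothing to fix."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    findings = [f"{h}: not covered by SAN {sans}" for h in hostnames
                if not hostname_covered(h, sans)]
    remaining = days_left(cert, now)
    if remaining < warn_days:  # assumed threshold: auto-renew should have run by now
        findings.append(f"expires in {remaining} days (threshold {warn_days})")
    return findings

def fetch_cert(host, port=443):
    """Live use: return the validated peer certificate of host (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample: a cert issued only for www.domain.com, 20 days from expiry.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "www.domain.com"),),
    "notAfter": "Jun 30 12:00:00 2025 GMT",
}
SAMPLE_NOW = datetime(2025, 6, 10, 12, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for line in audit(SAMPLE_CERT, ["domain.com", "www.domain.com"], SAMPLE_NOW):
        print(line)
```

Note that a wildcard entry such as *.domain.com matches shop.domain.com but neither the bare domain.com nor a.shop.domain.com, so the bare domain needs its own SAN entry.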
Bottom Line
Default: Let's Encrypt + auto-renewal. Enough for 99% of cases.
Upgrade to paid only if:
- Compliance in a regulated industry (banking, healthcare)
- An explicit customer trust signal is needed
- A B2B enterprise contract requires it
📚 Official Sources & References
- Let's Encrypt — Free SSL certificate authority
- SSL Labs Test — Test cert + cipher quality
- Certbot Documentation — Setup Let's Encrypt step-by-step