SuttonNet requires all websites that we host to maintain a valid security (SSL or SSL/TLS) certificate. Each site's security certificate is installed and managed by us as web hosts.
A website security certificate helps protect your website, your site visitors, our web server and our other clients' sites.
Our current pricelist is shown below.
Like many around the Internet world, we chose Let's Encrypt (Domain Validation level) certificates at first for our clients' websites. There's no purchase or renewal fee for a Let's Encrypt certificate. The certificate auto renews, so maintenance is much lower than for commercial certificates.
We have become uneasy about the Let's Encrypt option, not over its security but over the way certificate issuance is managed. Our concern is about protection for Internet users from phishing sites. You can read more on our main website.
New webhosting clients from 2021 will need to purchase a commercial certificate. Current clients may need to buy a non LE certificate in 2021. Changes to LE threaten to render LE-encrypted sites inaccessible for users on older platforms after September 2021. The affected platforms include Android 7.1.1 and earlier Android versions.
A security (SSL/TLS ) certificate is software that gets installed on your website. It allows data on your website to be encrypted during transmission between the web server and site users' browsers.
There are 3 levels of certificate: Domain Validation (basic), Organisation Validation, Extended Validation (the top level). All encrypt webpages and other data securely. See Certificate Levels below.
They don't, but you are used to paying $0.
SuttonNet offers better value than most. We receive major wholesale discounts which we can pass on. We charge far less than many retail suppliers. Free installation is included for each website hosted on our server. Our supplier would charge c$50US for that!
If you look online, you'll find that TLS/SSL certificate prices vary wildly. Sometimes the price jumps are a mystery. Other times, they reflect product variations:
Some certificates come bundled with extra features at higher cost: added security software or a dynamic 'trust seal'. Is the extra cost worth it? That depends on your line of business, your website(s), your customers and your competitors.
For our pricelist, we avoided the lowest priced TLS/SSL certificates. They tend to perform less well on mobile phones and they tend to rely on a longer chain of 'intermediate' certificates - more to go wrong, visitors take a little longer to access your website. We also didn't include higher end certificates that are beyond the budget of many of our clients. But if you want to pay $2000 and more for the best, please get in touch. We won't say no!
No. A security certificate does NOT guarantee that a website is free from malware, viruses etc.
It protects webpages and other data from being intercepted and read or altered, between web server and user. But there are other ways that hackers can get at a website.
More expensive SSL/TLS certificates include daily malware and virus checks. That sounds good; but it can add a significant load to our server and slow websites down. Talk with us if you are interested in using these scans.
We believe these protections are key:
SuttonNet provides the first two; (iii) is up to you. Contact us if you need advice or help.
It depends on how many websites you have, whether you use ecommerce and other factors.
We are not going to tell you which certificate to buy. We will help you sort through the complexities. We've researched and clarified many points already to write this page.
SSL/TLS certificates are a bit of a lottery; there's plenty of !!!! HYPE out there. It's hard for us to get reliable information. Certificate brands are sold and resold by Big Tech players; names that were trusted 5 years ago are now owned by their (once) less favoured competitors.
If it's any comfort, the risk is bigger for SuttonNet. Some certificates will be harder to manage and that chews up our time, not yours.
Our list covers a selection of midrange certificates that claim very high compatibility with the range of platforms people use for the Internet. None claims 100% compatibility. There'll be someone out there with a Flintstones version smartphone that doesn't recognise the best of SSL certificates.
Read the information on this webpage, on our main website and in emails and client newsletters. Ask if you don't understand. If we know any reasons why some products are better than others, we will tell you.
If you need to secure several websites: compare the Multi/Flex products with buying several Single certificates. Which certificate is best value for you depends on how many domains you need to secure. Remember that forwarding domains don't need a security certificate; only your website domain name(s).
Worst case scenario: your certificate turns out to be less than desired, eg some key mobile phones or browsers won't accept it. Let us know asap. We have a 30 day money back guarantee from our supplier, so we can quickly swap it for another product. You will need to cover any additional costs.
Visit our main website to learn more about website security certificates, trust seals and their importance.
Or stay on our client support site and brush up on online and general IT security for your business or NFP group.
We've shown mid range certificates from well known brands. These all offer excellent browser & mobile compatibility. None claims 100% compatibility. They all use similar encryption technology. Some certificates are better regarded and perhaps more robust with a shorter chain of intermediary steps.
Read our notes to understand what's what. We have demystified certificates as best we can. The SSL Store have been very patient with our questions, and generous in placing a very small reseller in their top bracket. You benefit from big wholesale discounts.
All prices are ex GST and are subject to changes in our supplier's prices & special offers. Prices include free installation to websites on our server (and for multi year products, re-installing an up to date certificate each year).
Prices do NOT include us adding to your website:
We have only shown 1 and 2 year subscription prices here because of the uncertain state of the world, including the Internet. We assume most clients would prefer a shorter term commitment. There are 3, 4, 5 and even 6 year subscription plans, with savings on per-year costs. Contact us if you are interested.
There is no need to secure both www.and non www. versions of your domains. Buy a certificate for the www. version only. Our hosting settings will automatically redirect yourdomain.com.au to www.yourdomain.com.au. This setup reduces costs for Multi or Flex products and it helps SEO.
Certificates are either:
With Flex or Multi domain, you can add extra domains/subdomains (SANs) at time of purchase for the 'extra SAN' price shown here. You can also add 'extra SANs' later; we'll charge a re-installation fee on top of the 'extra SAN' price, because we'll have to re-install the certificate on all domains.
A SAN means something akin to 'a domain or subdomain'. These are all SANs:
mydomain.com.au
mydomain.com
mail.mydomain.com.au
www.mydomain.com.au
draft.mydomain.com.au
shop.mydomain.com.au
ourdomain.com.au
anydomain.co.nz
A trust seal or site seal is a small image that can be placed on your website to remind site users that it's secured by your chosen brand of 'Certificate Authority'.
Dynamic site seals can be clicked on to display important security details; static seals are... static. They're called trust seals because they can increase visitor trust in your website. Eg a well placed dynamic site seal on your payment page can reduce the number of abandoned shopping carts.
Product Name |
Level |
Type |
Trust Seal |
1 Year Price |
2 Year Price |
Comments |
Sectigo SSL |
DV |
Single |
$110 |
$205 |
||
Thawte SSL123 |
DV |
Flex |
$100 + $85 per extra SAN |
$195 + $165 per extra |
||
GeoTrust DV SSL |
DV |
Flex |
$125 + $100 per extra SAN |
$195 + $165 per extra |
||
Comodo Elite SSL |
OV |
Single |
||||
Sectigo SSL |
OV |
Single |
Dynamic |
$180 |
$340 |
|
GeoTrust TrueBusiness ID |
OV |
Single |
Dynamic | $190 |
$350 |
|
GeoTrust TrueBusiness ID | OV |
Multi |
Dynamic | $500 + $80 per extra SAN |
$900 + $150 per extra SAN |
Secures 5 SANs for base price |
GeoTrust TrueBusiness ID |
EV |
Single |
Dynamic | $340 |
$650 |
|
GeoTrust TrueBusiness ID | EV |
Multi |
Dynamic |
$715 + $95 per extra SAN |
$1300 + $180 per extra SAN |
Secures 5 SANs for base price |
If you have only one website, maybe with other domains that forward to it:
If you have > 1 website:
If you have domains forwarding to your website: the forwarding domains do not need a certificate.
What if you make a mistake in your order? We know the domains and websites that every client has on our server. We'll notice if there is anything strange in your order, and we'll ensure the right domains are secured.
Do you need to cover more than one IP address (eg you have a website hosted with us and you want to secure your own mail server for mail.mydomain.com.au on another IP)? This can be done with a multi domain or flex certificate, but it is more secure to use a separate TLS/SSL certificate for each server.
If you can't see what you want: ask us. There are many more options.
You can cover more than 1 website with a single TLS/SSL certificate. Read the pricelist carefully; one product is the cheapest for 2 websites, another is best option if you have 3 sites, or 5, or....
The main difference between flex & multi is:
For clients with several subdomains (yourdomain.com.au, training.yourdomain.com.au...), there is an option called a wildcard (not shown here). We recommend that you don't buy a wildcard certificate because there is a security weakness. You could secure a phishing website unawares.
There are 3 levels: DV, OV, EV.
EV & OV certificates are the top rating certificates. They validate your business as well as encrypting your website data. They assure site visitors that you are not a con artist, but a genuine business. You really will send top quality caterpillar pj's in exchange for $200 from your customer's credit card. EV is stronger verification than OV. Visit our main website to know more.
OV or EV is an extra cost but the returns may be worthwhile. EV has long been acknowledged as the best option for ecommerce. For small businesses without online sales, the (usually) cheaper DV is a realistic choice.
We maintain an EV certificate on this website. (We've been slack about adding the trust seal; too busy working on your websites.)
Email us with:
Allow some lead time when ordering certificates. We need to arrange currency transfer to US$, order through our supplier, guide you through OV/EV verification (if needed) and install the certificate keys on your website.
For an OV or EV certificate, it takes c 1- 5 days for the Certificate Authority (CA) to verify your business/organisation. You supply identifying data (eg physical street address, website with contact details, ABN, DUNS (Dun & Bradstreet) number). The CA checks multiple public records and phones you to help confirm that your application is genuine.
All your business/organisation's records must match perfectly, otherwise the OV/EV verification might fail or be delayed. Digicert offers fast tracked OV/EV verification in 24 hours; you need to have the right documentation ready.
If you are comparing with other SSL/TLS certificate prices online, bear in mind:
Like a domain name, a commercial SSL certificate needs to be re-purchased when it is near its expiry date. You needn't to stay with the same brand, but for an OV/EV re-order this can speed up the verification process.
Our supplier offers big specials to its resellers. We don't guarantee that the same specials will be in force when you re-purchase your certificate in a year or more.
We would expect that LE will become accepted on more platforms over time. You could wait until your paid certificate expires and then revert to LE again, if that seems reliable. We would charge an LE certificate re-installation fee.
Due to the other (integrity related) problems with Let's Encrypt, we might decide not to use it at all on our server in future. This is not a decision we would make without advance notice to clients, or without further research. The alternatives might be as bad or worse!
Updated 20 January 2021