SSL/TLS certificate

An SSL/TLS certificate (technically only TLS — 'SSL' was deprecated in 2015) binds a public key to a domain name and is digitally signed by a Certificate Authority (CA). Browsers verify on every HTTPS request whether the signature chains back to a trusted root CA — without a valid certificate the connection is flagged as insecure. Three validation levels: DV (Domain Validated, automatic via Let's Encrypt — free, minutes to set up), OV (Organisation Validated, vendor verifies the company — €50–200/year) and EV (Extended Validation, formerly with a green address bar, today barely any visible benefit — €100–500/year). For 95 % of all websites a Let's Encrypt DV certificate is enough, renewed automatically by Caddy, Certbot or the hosting panel.