The SSL/TLS section of your scan report tells you whether the encrypted connection between your website and your visitors is properly configured. If you've ever seen the padlock icon in your browser's address bar, that's SSL/TLS at work.
What is SSL/TLS?
SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are the technologies that encrypt the connection between a visitor's browser and your website. TLS is the modern replacement for SSL, but the terms are often used interchangeably.
When someone visits your website over HTTPS, their browser and your server perform a "handshake" to establish an encrypted connection. This stops anyone between the two (such as someone on the same Wi-Fi network) from reading or tampering with the data in transit.
What We Check
Our scan examines several aspects of your SSL/TLS configuration:
Certificate validity
Is your SSL certificate current and issued by a trusted certificate authority? An expired or invalid certificate will cause browsers to show a security warning to your visitors, which can drive them away immediately.
Certificate expiry
How many days until your certificate expires? Certificates typically last 90 days to 1 year. If your certificate is approaching expiry and doesn't auto-renew, your site will suddenly start showing security warnings.
Protocol versions
Which versions of TLS does your server support? TLS 1.2 and TLS 1.3 are considered secure. Older versions (TLS 1.0, TLS 1.1, SSL 3.0) have known vulnerabilities and should be disabled.
Certificate chain
Is the full chain of trust intact from your certificate through intermediate certificates to the root certificate authority? A broken chain can cause some browsers or devices to reject the connection.
What to Look For in Your Report
- Valid certificate with 30+ days to expiry — You're in good shape. Just make sure auto-renewal is configured.
- Certificate expiring soon (under 30 days) — Check that your hosting provider's auto-renewal is working. If you manage certificates manually, renew now.
- Expired certificate — This is urgent. Visitors are seeing security warnings right now. Contact your hosting provider immediately.
- Old TLS versions supported — Your server should only support TLS 1.2 and 1.3. Supporting older versions creates unnecessary risk.
Why It Matters
Without a valid SSL/TLS certificate, your website traffic is sent in plain text — meaning anyone who intercepts it can read passwords, form submissions, and personal data. Google also uses HTTPS as a ranking signal, so an insecure site may rank lower in search results.
Most modern hosting platforms (including Squarespace, Wix, and WordPress.com) provide SSL certificates automatically. If your report shows issues, it's usually a configuration problem rather than something you need to purchase.