First, you have to associate a custom branded domain, please follow this tutorial → http://jo.my/joturl-branded-domain
Which type of SSL certificate to choose? Pros and Cons of SSL certificates: Traditional vs Let's Encrypt
Traditional SSL certificate
A traditional SSL certificate starts with purchasing an SSL certificate from a trusted provider (e.g., Digicert, Comodo). After that, you’ll need to verify the certificate with the Certificate Authority you purchased it from through a Certificate Signing Request (CSR), this only proves that you manage the domain for which you request the certificate. You can generate a CSR by using the Create certificate request (CSR) button on the following page → https://www.joturl.com/reserved/settings.html#settings-certificates. At this point, your SSL certificate will be validated, at the end of this process, you will get the certificate and (optionally) the intermediate certificates. Navigate to → https://www.joturl.com/reserved/settings.html#settings-certificates and click on Add new certificate/domain association, select the domain, and upload the required files (certificate, private key, intermediate certificates). Once that SSL certificate is installed, wait up to 15 minutes for the certificate to be propagated.
- Customizable. One of the features of a full SSL implementation is that you can purchase an Extended Validation (EV) SSL certificate. This provides your company with an additional guarantee for visitors that your custom domain is secure.
- Easier to implement across multiple subdomains. If you have multiple subdomains, what you'll likely need is either a separate SSL certificate for each subdomain or a wildcard certificate for all variations of your domain. A traditional SSL service is often the easiest way to set up a wildcard certificate if you need to secure several variations.
- Expensive. Although basic SSL certificates may require a low cost, these costs can increase rapidly depending on your needs.
- Time to implement. Modern providers have considerably speeded up the procedures for issuing certificates, but a priori the time required is not predictable (especially for extended validations).
Let’s Encrypt is a free, automated and open certification authority provided by the non-profit Internet Security Research Group (ISRG) to promote web security by issuing free SSL certificates. The implementation of Let's Encrypt is very similar to a traditional SSL certificate: it is still necessary to validate the domain with the certification authority and install the SSL certificate. However, the implementation of Let's Encrypt is completely automated by JotUrl: go to → https://www.joturl.com/reserved/settings.html#settings-certificates, click on Get a free certificate and follow instructions on the screen. Once that SSL certificate is installed, wait up to 15 minutes for the certificate to be propagated.
- Free. The cost is zero.
- Ease of implementation. The implementation of Let's Encrypt is automated by JotUrl.
- Complete security. Like with a traditional SSL certificate, the entire connection between site visitor and our servers is secure, leaving no possibility of a compromised connection.
- Compatibility issues. Let’s Encrypt is known to be incompatible with a few different platforms, though the ones it is incompatible with are not likely to be a major source of traffic to your custom domain. The compatibility could change for the worse due to the announced transitioning to ISRG's root: https://letsencrypt.org/2019/04/15/transitioning-to-isrg-root.html
- 90-day certificates. While traditional SSL certificates are often valid for a year or more, Let’s Encrypt certificates are only valid for 90 days, and they recommend renewing every 60 days. However, even the renewal is automated by JotUrl. For clarity we must stress that the automatic renewal system is under test, so we advise you to check the renewal of your certificates every 80 days and to contact our assistance if the update fails.
- Limited customization. Let’s Encrypt will only offer Domain Validation certificates, meaning that you can’t purchase a certificate to get an Extended Validation. Also, our engine cannot validate Let’s Encrypt wildcard certificates since they require DNS validation and our engine can only automatically support HTTP validation.