OUR POLICIES

SSL Certificate(s) Policy

If you have any questions or suggestions around our policies, then please feel free to reach out to us and let us know. Our team will come back to you as soon as we can.

REACH OUT TO OUR TEAMDownload Policy (PDF)

CreativeWP Ltd SSL Certificate Policy

Effective Date: 25/04/2025
This Document Was Last Updated: 01/02/2025

This SSL Certificate Policy outlines how SSL certificates are issued, maintained, and supported for all websites hosted by CreativeWP Ltd. It forms part of our broader hosting and security framework and should be read alongside our Shared Hosting Policy, Data Policy, and Communication Policy.

1. Overview

At CreativeWP, we require all hosted websites (including staging and development environments) to have a valid and active SSL certificate at all times. This is non-negotiable and forms a critical part of our server-level protection and compliance standards.

An SSL certificate ensures that data passed between your users and your website is encrypted, secure, and browser-trusted.

2. Default SSL: Let’s Encrypt (Free)

All CreativeWP-hosted websites include a free Let’s Encrypt SSL certificate by default.

Key Features:

  • Auto-installed and renewed by our server infrastructure

  • Covers single-domain or subdomain SSL (e.g. example.com, www.example.com)

  • Provides standard encryption and HTTPS padlock

  • Included at no extra cost

Limitations:

  • Let’s Encrypt certificates do not include any warranty or breach coverage

  • No organisation or business validation is included

  • Not suitable for sites that require financial transaction protection or compliance verification

3. Paid SSL Certificates

For clients needing enhanced security, validation, or warranty coverage, we offer a range of paid SSL certificates via trusted third-party providers.

Recommended for:

  • eCommerce sites handling card payments

  • Legal, financial, or healthcare-related services

  • Any business needing additional trust seals, validation, or warranty

  • Multi-domain or wildcard needs

Available SSL Types:

  • Domain Validation (DV)

  • Organisation Validation (OV)

  • Extended Validation (EV)

  • Wildcard or Multi-Domain options

Each type offers increasing levels of identity verification, trust indicators (e.g. company name in the address bar), and financial warranty—protecting your business in case of a certificate failure or breach.

4. Management & Support

CreativeWP handles all technical aspects of both free and paid SSL certificates, including:

  • Installation

  • Renewal

  • DNS configuration

  • Redirect enforcement (HTTP to HTTPS)

Let’s Encrypt certificates are renewed automatically via server automation.

Paid SSL certificates require annual renewal and DNS verification. We handle this end-to-end once ordered and approved.

5. Billing & Time Tracking

All SSL certificate services—excluding free Let’s Encrypt coverage—are billed ad-hoc, at the following rate:

  • £35.00 + VAT per hour, billed in 15-minute increments

This includes:

  • Certificate sourcing and purchase via our partner

  • Installation and DNS management

  • Renewal handling

  • Support or troubleshooting requests related to SSL

You’ll only be billed when direct manual action is required. For most clients, this is a one-off or annual task.

6. Let’s Encrypt Disclaimers

By default, CreativeWP issues Let’s Encrypt certificates for all hosted websites. While these provide industry-standard encryption, clients must understand:

  • No warranty or liability is provided by Let’s Encrypt

  • If your certificate fails or is compromised, there is no financial coverage

  • Browsers and platforms may distrust certificates from time to time depending on root authority changes (CreativeWP will monitor this)

We strongly recommend upgrading to a paid certificate if your business handles sensitive data or payments.

7. PCI & Regulatory Compliance

If your website must comply with:

  • PCI-DSS (Payment Card Industry Data Security Standard)

  • HIPAA (Health Insurance Portability and Accountability Act)

  • GDPR (General Data Protection Regulation)

  • Other legal or industry-specific frameworks

Then you must purchase a validated SSL certificate and not rely solely on Let’s Encrypt. CreativeWP can advise and supply options that include validation and warranty coverage where needed.

8. Client Responsibility & Data Protection

CreativeWP does not store or process any credit card data on our hosting servers. All payments, subscriptions, or eCommerce functions must be connected to regulated payment platforms such as:

  • Stripe

  • PayPal

  • Klarna

  • Other third-party gateways

We are not FCA regulated and cannot handle PCI-related server processing.

SSL certificates alone do not make a site compliant. They are one part of a broader security and legal framework that may include policies, audits, and secure software architecture.

9. Need an Upgrade?

To request a paid SSL certificate or get help evaluating your website’s needs, email:

support@creativewp.co.uk
 or
 requests@creativewp.co.uk (for a call or meeting)

We’ll guide you through the best options, quote transparently, and handle everything behind the scenes.

10. Summary

SSL Type Included Warranty Recommended Use
Let’s Encrypt Yes None General websites, blogs
Paid DV SSL No Yes Local businesses, forms
Paid OV/EV SSL No Yes Legal, finance, eCommerce
Wildcard/Multi No Yes Multi-site, subdomain setups

11. Questions?

For technical queries or billing, please contact:

  • Support: support@creativewp.co.uk

  • Billing: accounts@creativewp.co.uk

  • Legal: legal@creativewp.co.uk

  • Meeting Requests: requests@creativewp.co.uk

  • Emergency SSL Outages (Urgent Only): 01697 508 281