A digital credential that encrypts traffic between a visitor's browser and your web server, turning HTTP into HTTPS. It proves your domain is yours—or at least, that someone with access to your domain's DNS or email could verify it.
Certificates are issued by Certificate Authorities (CAs) after validation. Free options like Let's Encrypt automate the process; paid CAs offer extended validation (EV) badges and legal comfort you probably don't need. Wildcard certificates cover all subdomains at once. Self-signed certificates work technically but trigger browser warnings—useful for internal infra, useless for public sites.
Why it matters: HTTPS is now baseline. Browsers flag HTTP sites as unsafe. Search engines reward HTTPS. Users expect it. If you're running anything public—a forum, a news site, a crypto payment processor—you need a certificate.
For bunkerdomains clients: your registrar can't issue certificates, but we won't interfere with Let's Encrypt automation or ACME challenges. CAA records let you control which CAs can issue for your domain.