The other day I worked with a client whose WordPress site is hosted on Bluehost—a popular (and massive) hosting provider. She had somehow purchased two separate SSL certificates for the same domain, just a month apart. That shouldn’t even be possible through a modern hosting dashboard.
Let’s be honest—Bluehost has the engineering talent to implement a simple safeguard:
“Heads up: you already have a valid SSL certificate for this domain. No need to buy another one just yet.”
But there was no such warning. Instead, both certificates were set to auto-renew, and (here’s the kicker) there was no visible way to disable auto-renew from the control panel. I had to reach out to customer support and wait while they manually turned it off.
So… why make it so hard?
Was the missing “turn off auto-renew” button just an oversight? Or is it a quiet little revenue strategy—designed to frustrate the user just enough to give up and keep paying for something they don’t need?
A quick aside: Bluehost is owned by Newfold Digital, which emerged from Endurance International Group and is backed by private equity firms Clearlake and Siris Capital.
So yeah. That tracks.
In contrast, every project I build uses free SSL encryption via Let’s Encrypt—a nonprofit initiative that’s trusted across the web. And by using modern platforms like a Headless CMS, we avoid these legacy headaches entirely.
Headless CMS = No More Headaches.
Free SSL. Cleaner builds. Better control.