SSL Certificate Install Conerns
-
Hi guys
I've recently had an EV security certificate installed on the site and have seen a drop in search visibility ever since. It was installed on Nov 27th.
Though I was expecting some tracking hiccups as a result of the install and that this is a particularly competitive time of year (I know that others are bidding more aggressively on our brand terms which constitute the vast majority of our traffic) I have been quite concerned by the following:
- Under Acquisition > SEO > Landing Pages this has dropped to 0.
- In GWT, the certificate has been identified as self-signed which we know not to be the case. We've checked with the SSL provider that the certificate has been properly installed and obviously with our developers.
We're just at a bit of a loss as to whether there is actually an issue and it's not just due to tracking issues and external factors.
Does anyone have any advice as to confirm the existence of a problem with the install?
Or how to rectify the GWT error as obviously if Google thinks it's self-signed we're not going to get the ranking benefits we were expecting?
Thanks in advance for your time.
Kind regards
-
How is the rest of your visitors seeking out natural, is it declining for different pages or sub folders as nicely? I've in no way visible Google Analytics no longer attributing the right visit to the right pages so I doubt that could be the case.
-
Sorry for the late response.
What SSL Labs is telling you to do is disable SSLv3. You should be using only the more secure Transport Layer Security(TLS) 1.0 or higher (if you're running credit cards then PCI compliance will force you to use only 1.2 soon). I would also disable RC4 if you can (only affects IE6 users)
-
I've passed this onto our developers so hopefully they can do something with that.
Thanks very much for your time.
-
I got PM. But will post response here.
So there are two situations in SSL (there are much more but it's complicated) - SNI or w/o SNI.
With SNI on one IP you can use many TLS sites. Because in process of handshake browser put hostname and server knows this request for what site inside is. But some browsers doesn't support SNI - Windows XP, IE6, Android 2.2/2.3 and few more. For that you need dedicated IP just they can connect correct on your site.
I think that you have issue with SNI. Because if you trying to open your IP - http://212.48.85.138/ you get warning (about host mismatch) and self-signed certificate (on some machines).
Also you need to tighten your secure connection - stop SSL (it's 15 year old and it's now deprecated), you should support only TLS. Also enable forward secrecy, OCSP stapling and TLS session tickets. It's long but you can see all recommendations here:
https://www.ssllabs.com/ssltest/analyze.html?d=quellabicycle.comI hope that implementing few of them will bring GoogleBot back in site w/o warnings.
-
Hi Highland
Thanks for your response. I've done as you suggested and put our domain through the SSL Labs Tool. Again, nothing is jumping out at me. Except of course the fact we're vulnerable to a POODLE attack for which the suggestion is simply to disable SSL?
-
I had added to the search console the HTTPs versions of the site so we have:
Do I need both HTTP & HTTPs?
& Does it matter which of either www or non-www I select as the "Preferred domain"?
With regards to your second point, I'm fairly confident that our visitors are getting no such warning as there is nothing to suggest to me, other than what is said in the search console, that it is a self-signed certificate. I've checked it on multiple computers/browsers. But as you say, as it does say it in SC then it may be the case!
I've messaged you with the site details. Thanks very much for your help and time!
-
So this is two issues:
- You should verify in SearchConsole new site https:// and link this site with Analytics to get Landing Pages. Please check for correct sitewide 301 redirect from http:// to https:// on ALL your assets. This can be CSS/JS/canonicals/images/local links between pages, etc.
- You should track down this ASAP because of SC show that certificate is self-signed probably same can be seen on your users computers/devices. And this also can lead your visits to 0 if some "warning" was shown. Probably your certificate isn't installed correct on server.
You can PM me with site so i can make quick test.
-
I would highly recommend you run your site through SSL Labs tool. It should help you identify any problems with your SSL install.
Also, make sure that you're loading GA in a secure manner. If it's not loaded securely and someone says not to load insecure assets then it won't show up.
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
General SSL Questions After Move
Hello, We have moved our site to https, Google Analytics seems to be tracking correctly. However, I have seen some conflicting information, should I create a new view in analytics? Additionally, should I also create a new https property in Google search console and set it as the preferred domain? If so, should I keep the old sitemap for my http property while updating the sitemap to https only for the https property? Thirdly, should I create a new property as well as new sitemaps in Bing webmaster? Finally, after doing a crawl on our http domain which has a 301 to https, the crawl stopped after the redirect, is this a result of using a free crawling tool or will bots not be able to crawl my site after this redirect? Thanks for all the help in advance, I know there are a lot of questions here.
Technical SEO | | Tom3_150 -
Cloudflare shared SSL certificate vs Letsencrypt
Cloudflare does have a free SSL certificate, which is shared among many domains (in my case 30+ domains). An alternative would be to use letsencrypt and generate a dedicated certificate. Can a shared SSL certificate hurt my google ranking?
Technical SEO | | danielbeck0 -
Issues with Google Search Console and rekeyed SSL certificate
Hi, Another newbie question please. I've recently changed the name of my business so bought a new domain and rekeyed the SSL certificate to the new domain. Let's say the old domain was called https://123.com and the new one is https://abc.com. I've set up a 301 redirect on 123.com to forward to abc.com and I've added the new domain to Google Search Console and verified it, however can't seem to use the Change of Address tool to move from the old domain to the new domain. I think its because my preferred property (https://123.com) technically no longer exists since I rekeyed the SSL certificate from the old site to the new one so the old site no longer has an SSL certificate. When I go to the old https domain it doesn't load, nor does it seem to forward to the new site. It just times out. Am I correct in assuming that since I rekeyed the SSL certificate, that my original preferred property on Google (https://123.com) no longer exists? And if so, is there a way to use the Change of Address tool or do I simply need to remove the old site from Google and go through a period where my (new) site builds it's ranking from scratch? Thanks in advance folks!
Technical SEO | | Veevlimike0 -
Can you have an SSL cert but still have http?
I was under the impression that if you got an SSL cert for your site that the site would change to https. I ran this site: http://thekinigroup.com/ through an SSL checker and it said it had one...but it's http. 1. Why didn't it change to https? Is there an extra step there that needs to be done? 2. Is there a reason someone would choose to get an SSL cert, but not have https? Thanks, Ruben
Technical SEO | | KempRugeLawGroup0 -
Moving my website that is currently fully https (ssl) to http (non ssl).
Hey MOZ Community. I have a site that is currently full https (ssl) and what to move it to http (non-ssl). How will this move effect my SEO and what would be the best method of doing so without causing to much damage?
Technical SEO | | Bonx0 -
Will combining multiple websites/brands into one Wordpress Multisite Installation hurt SEO?
My company currently operates four websites, independently of each other, a corporate website and three separate store brands. innovativemattresssolutions.com - corporate website mattressking.net sleepoutfitters.com mattresswarehouse.com All of our stores have the same branding, same TV spots, same print ads, etc across the company, we just swap out logos on all marketing pieces. It is proving nearly impossible for us to maintain four separate websites, currently on three different platforms. all four are hosted separately as of now. We would like to combine all four websites to one Wordpress Multisite installation so we can manage the pages from one place, using the same theme and even content in many places because all brands share the same info, policies, products, etc. We would set up wordpress multi using subfolders for installation and point the URL directly to resolve to the appropriate subfolder. The only site that would crosslink to the others would be the corporate website. Is this a bad idea for SEO? What other options would we have? Should we keep the corporate site on its own installation, but put the other three brands on a multisite install? Would duplicating content on the three brand pages be an issue? Less of an issue if they were not on multisite? Any insight is much appreciated.
Technical SEO | | Karrie_Beth0 -
Verisign Trust Seal and Domain Metrics (Has noting to do with SSL)
Hi, Does anyone have any evidence or case studies that Verisign Trust seal actually raises trust metrics? I know there are the obvious benefits such as better CTR and Conversion (which could in turn raise trust metrics). But i am looking for actual sighted examples of Verisign increasing trust signals to search engines discrediting the correlation between search metrics improving. I modified this as i think people are getting confused between SSL products and the specific Versign product i am talking about Verisign Trust Seal seen here. https://www.verisign.com/trust-seal/index.html?tid=gnps This has nothing to do with security for transactions it is more geared towards all around safer user experience including Malware scans and enhanced "stand out" in SERPS. It is not just a Domain validation but an organizational or Branding authentication check" With that being said, the question still stands Does anyone have any case studies or direct examples of trust being elevated in metrics for the specific product mentioned above. Thanks.
Technical SEO | | Jinx146780