SSL Certificate Install Conerns
-
Hi guys
I've recently had an EV security certificate installed on the site and have seen a drop in search visibility ever since. It was installed on Nov 27th.
Though I was expecting some tracking hiccups as a result of the install and that this is a particularly competitive time of year (I know that others are bidding more aggressively on our brand terms which constitute the vast majority of our traffic) I have been quite concerned by the following:
- Under Acquisition > SEO > Landing Pages this has dropped to 0.
- In GWT, the certificate has been identified as self-signed which we know not to be the case. We've checked with the SSL provider that the certificate has been properly installed and obviously with our developers.
We're just at a bit of a loss as to whether there is actually an issue and it's not just due to tracking issues and external factors.
Does anyone have any advice as to confirm the existence of a problem with the install?
Or how to rectify the GWT error as obviously if Google thinks it's self-signed we're not going to get the ranking benefits we were expecting?
Thanks in advance for your time.
Kind regards
-
How is the rest of your visitors seeking out natural, is it declining for different pages or sub folders as nicely? I've in no way visible Google Analytics no longer attributing the right visit to the right pages so I doubt that could be the case.
-
Sorry for the late response.
What SSL Labs is telling you to do is disable SSLv3. You should be using only the more secure Transport Layer Security(TLS) 1.0 or higher (if you're running credit cards then PCI compliance will force you to use only 1.2 soon). I would also disable RC4 if you can (only affects IE6 users)
-
I've passed this onto our developers so hopefully they can do something with that.
Thanks very much for your time.
-
I got PM. But will post response here.
So there are two situations in SSL (there are much more but it's complicated) - SNI or w/o SNI.
With SNI on one IP you can use many TLS sites. Because in process of handshake browser put hostname and server knows this request for what site inside is. But some browsers doesn't support SNI - Windows XP, IE6, Android 2.2/2.3 and few more. For that you need dedicated IP just they can connect correct on your site.
I think that you have issue with SNI. Because if you trying to open your IP - http://212.48.85.138/ you get warning (about host mismatch) and self-signed certificate (on some machines).
Also you need to tighten your secure connection - stop SSL (it's 15 year old and it's now deprecated), you should support only TLS. Also enable forward secrecy, OCSP stapling and TLS session tickets. It's long but you can see all recommendations here:
https://www.ssllabs.com/ssltest/analyze.html?d=quellabicycle.comI hope that implementing few of them will bring GoogleBot back in site w/o warnings.
-
Hi Highland
Thanks for your response. I've done as you suggested and put our domain through the SSL Labs Tool. Again, nothing is jumping out at me. Except of course the fact we're vulnerable to a POODLE attack for which the suggestion is simply to disable SSL?
-
I had added to the search console the HTTPs versions of the site so we have:
Do I need both HTTP & HTTPs?
& Does it matter which of either www or non-www I select as the "Preferred domain"?
With regards to your second point, I'm fairly confident that our visitors are getting no such warning as there is nothing to suggest to me, other than what is said in the search console, that it is a self-signed certificate. I've checked it on multiple computers/browsers. But as you say, as it does say it in SC then it may be the case!
I've messaged you with the site details. Thanks very much for your help and time!
-
So this is two issues:
- You should verify in SearchConsole new site https:// and link this site with Analytics to get Landing Pages. Please check for correct sitewide 301 redirect from http:// to https:// on ALL your assets. This can be CSS/JS/canonicals/images/local links between pages, etc.
- You should track down this ASAP because of SC show that certificate is self-signed probably same can be seen on your users computers/devices. And this also can lead your visits to 0 if some "warning" was shown. Probably your certificate isn't installed correct on server.
You can PM me with site so i can make quick test.
-
I would highly recommend you run your site through SSL Labs tool. It should help you identify any problems with your SSL install.
Also, make sure that you're loading GA in a secure manner. If it's not loaded securely and someone says not to load insecure assets then it won't show up.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
General SSL Questions After Move
Hello, We have moved our site to https, Google Analytics seems to be tracking correctly. However, I have seen some conflicting information, should I create a new view in analytics? Additionally, should I also create a new https property in Google search console and set it as the preferred domain? If so, should I keep the old sitemap for my http property while updating the sitemap to https only for the https property? Thirdly, should I create a new property as well as new sitemaps in Bing webmaster? Finally, after doing a crawl on our http domain which has a 301 to https, the crawl stopped after the redirect, is this a result of using a free crawling tool or will bots not be able to crawl my site after this redirect? Thanks for all the help in advance, I know there are a lot of questions here.
Technical SEO | | Tom3_150 -
Multi Domain SSL Certs re HTTPS migration
Hi How important is it that when migrating sites to HTTPS they have their own SSL certificates as opposed to choosing the much cheaper multi domain certificate options such as: https://www.namecheap.com/security/ssl-certificates/comodo/ev-multi-domain.aspx I have been told really should have 1 certificate per domain and people generally unsure about multi domain certsificates ? All Best Dan
Technical SEO | | Dan-Lawrence0 -
Redirect of https:// to http:// without SSL. Possible or not?!
Good afternoon, smart dudes : ) I am here to ask for your help. I posted this question on google help forum and stackoverflow, but looks like people do not know the correct answer... QUESTION: We used to have a secured site, but recently purchased a separate reservation software that provides SSL (takes clients to a separate secured website) where they can fill out the reservation form. We cancelled our SSL (just think its a waste to pay $100 for securing plain text). Now i have so many links pointing to our secured site and i have no idea how to fix it! How do i redirect https://www.mysite.comto http://www.mysite.com.Also would like to mention that i already have redirect from non www to www domain (not sure if that matters): RewriteEngine onRewriteCond %{HTTP_HOST} ^mysite.com$ [NC]RewriteRule ^(.*)$ http://www.mysite.com/$1 [R=301,L]As i already mentioned....we do not have SSL!!!! None of those 301 redirect codes i found online work (you have to have SSL for the site to be redirected from https to http | currently i get an error - can't establish a secured connection to the server ). Is there anything i can do???? Or do i have to purchase SSL again?
Technical SEO | | JennaD140 -
Can anyone speak to the pros and cons of installing mod_expire on an Apache server?
We recently had mod_deflate and mod_expire installed on our server in an attempt to improve pagespeed. They worked beautifully, at least we thought they did. Google's pagespeed insights tools evaluated our homepage at 65 before the install and 90 after...major improvement. However, we seem to be experiencing very slow load on our product pages. There is a feeling (not based on any quantifiable data) that mod_expire is actually slowing down our page load, particularly for visitors who do not have the page cached (which would probably be most visitors). Here are some pages to look at with their corresponding score from the Pagespeed Insights tool: Live Sound - 91 http://www.ccisolutions.com/StoreFront/category/live-sound-live-audioWireless Microphones - 90 http://www.ccisolutions.com/StoreFront/category/microphones Truss and Rigging - 79 http://www.ccisolutions.com/StoreFront/category/lighting-truss light weight product detail page 83 http://www.ccisolutions.com/StoreFront/product/global-truss-sq-4109-12-truss-segment heavy weight product detail page 77 http://www.ccisolutions.com/StoreFront/product/presonus-studiolive-16-4-2 Any thoughts from my fellow Mozzers would be greatly appreciated!
Technical SEO | | danatanseo1 -
Should I add SSL certificate site-wide? Or just on Checkout?
I'm setting up my SSL certificate and my programmer said it's smart to just apply it to the entire site. I'm concerned about how this could affect my SEO work. I've heard as far as SEO is concerned, applying it to just the checkout pages is the best way to do it. What are your thoughts? What are potential problems?
Technical SEO | | Webmaster1230 -
SSL in Session
fellow mozzers, i have a question concerning ssl. we were working on a new webshop - the login and all the steps of the shopping cart are secured with ssl, all the other (and important) sites of the webpage are regular http.
Technical SEO | | sethgecko
but if you have visited one site with ssl, the whole session you will be forwarded to the ssl versions, so all pages turn to ssl pages. for me this looks like a possible spider trap for an search engine as they wont find any non-https sites anymore, and these are the ones i want in the index. what do you think? my personal opinion is to make the ssl sites autonomous from the session, but i need some more opinions, as my developer are telling me that this would be alot more work for them. thanks in advance
seth0 -
Should I move x-cart installation or 301 redirect?
We have an existing e-commerce site built on x-cart. The default store location is www.site.com/store. The domain root however is just a static HTML page (currently using mainly graphics) and a nav menu. What would be a better option: 1. Move the install location to the root directory and get rid of the static HTML page. We would have to manually 301 redirect all the old pages to the new location. Not sure if there are negative implications with that. 2. Just optimize the HTML landing page? Seems like it is better to have products and categories as close to the root domain as possible... 3. 301 redirect the domain to www.site.com/store/ and optimize the homepage within the store. This option means we dont have to worry about 2000 redirects or the hassle of moving the store. Anyone had any experience with this and suggestions?
Technical SEO | | BlinkWeb0
