It's odd that the green pad appears, because, if the SSL cert is not matching the domain name, there should be a warning.

By the way, may be your certificate is not installed correctly, or there might be an issue with the "www" and "non-www" definition.

You can test your site here : [ssllabs.com...] . it should report issues, with more details.

Also, be sure that the email is legitimate. I am sure scammers are sending emails to make people to buy SSL cert from them. (like in the past, it was the came with domain names).

Your certificate may only be valid for the www subdomain. Usually they make the one certificate valid for both the www subdomain and the naked domain, but perhaps Godaddy did not. It could also be a misconfiguration of the webserver so that a different (unsigned) certificate is server for the naked domain.

Is the site also hosted at Godaddy?

And $69... yikes!

And $69... yikes!

Danica may need a new car :)

Peter_S, thanks for the link. I will use it.

Robzilla, yes, the site is hosted at GoDaddy also.

Thank you both!

Peter_S, thanks for the link. I will use it.

You are welcome :)

Peter _S - I ran the test, and I got four A's. I don't know if using CloudFlare makes a difference, but I do use CloudFlare.

So what did Godaddy and CloudFlare say when you reported this to them?

keyplyr, I haven't reported it to them yet. I intend to do that tonight.

Always start with the source :)

As robzilla and I mentioned it earlier, also, be sure to check that the SSL certificate is valid for both the "www" and "non-www", and configured correctly to answer both.

It's also possible that Cloudflare had a hiccup one day.

And verify the legitimize of the email you received. I assume that the same message should show to your Google Search Console. Also, you can try to "fetch as Google".

And/or see what happens if you open the non-www URL in your browser.

#1 I'm running CloudFlare on all my sites, and there's no problem with my SSL certificates.

#2 Please don't pay that much again - SSL certificates are WAY cheaper (even free with some hosting options). When yours is up for renewal, LMK and I'll point you to a few places to check out.

#3 For that price, GoDaddy should certainly give you support on the configuration.

#4 robzilla's suggestion is a good one - make sure your site is properly redirect from non-www to www (or the other way around, depending on whether or not you use the www)

Google found a problem with mine - AS WELL.

Everything was looking good.

I installed the Google authentication code in my index page as instructed by Google.
I then verified the code, and Google said I was good to go.

My pages started showing up as HTTPS, looking good.
My site is also showing the green lock for every page.

I tested my SSL using SSL Labs here -
[ssllabs.com...]
My overall rating is “A”.
Under alternative names, www is also covered.


HOWEVER, today I received an email from Google (and a Search Console message) that says my Cert is NO GOOD,
because it was self-signed. I followed the rapidssl instructions to the letter, noting in particular the warning that
self-signing was NOT a good option, so I carefully avoided the self-signing.
But, apparently, it got screwed up, anyway.
What do I have to do, take a screen shot of EVERY interaction page from rapidssl, to prove I didn’t screw up.
I am told that the only fix is to GET A NEW CERTIFICATE.

How many times must I pay, to get it right?
“Many a slip, twixt cup and lip.” "Indistinguishable from magic."

Here is the redacted email text -

Self signed SSL/TLS certificate for https://www.example.com/

To: Webmaster of https://www.example.com/

Google has detected that the SSL/TLS certificate used on https://www.example.com/ is self-signed, which means that it was issued by your server rather than by a Certificate Authority. Because only Certificate Authorities are considered trusted sources for SSL/TLS certificates, your certificate cannot be trusted by most of the browsers. In addition, a self-signed certificate means that your content is not authenticated, it can be modified, and your user’s data or browsing behavior can be intercepted by a third-party. As a result, many web browsers will block users by displaying a security warning message when your site is accessed. This is done to protect users’ browsing behavior from being intercepted by a third party, which can happen on sites that are not secure.

Recommended Action:

Get a new certificate
To correct this problem, you need to get a new, dedicated SSL/TLS certificate from a trusted Certificate Authority (CA). This certificate must match your complete site URL, or be a wildcard certificate that can be used for multiple subdomains on a domain.
Need more help?

•Learn more about SSL certificate problems.
•Read our article on How to secure your site with HTTPSin our Help Center.
•Ask questions in our forum for more help - mention message type [WNC-example].

Referring to the OP here - Is it possible that the host's SSL cert doesn't pass? Godaddy hosting is known for using a non-standard setup that does not function with some standard scripts (unless they've recently evolved). That might cause downstream errors for SSLs? Did you generate your own CSR? Just a thought.

make sure your site is properly redirect from non-www to www (or the other way around, depending on whether or not you use the www)

Always a good idea, but not what I was suggesting. The redirect wouldn't even work if the certificate for the non-www is invalid (or the other way around). However, if it does work in the browser, then it shouldn't be a problem for Googlebot either.

Note that when you use Cloudflare, it's Cloudflare that handles encryption for your domain; you wouldn't even have to buy your own certificate.

Sally Stitts and azlinda may in fact be experiencing the same issue regarding what Google deems a valid SSL certificate.

Wonder if azlinda's Godaddy cert is self-signed as well?

The free certs from Lets Encrypt [letsencrypt.org] work well. In fact they are recommended by Google in one of their tuts on HTTPS.

Wonder if azlinda's Godaddy cert is self-signed as well?

I doubt Godaddy issues self-signed certs, but not sure it would matter either: if all traffic passes through Cloudflare, as seems to be the case for azlinda, the users never see that $69 certificate, only Cloudflare's.

What's the Adsense part of this topic?

I doubt Godaddy issues self-signed certs

It's not completely unthinkable. When you go to https with my host (not Godaddy) they start out with a self-signed certificate while waiting for the real one to propagate. Is it possible Google saw something they weren't meant to see?

What's the Adsense part of this topic?

Presumably, in the OP azlinda received notification that her cert was not in compliance with Adsense qualifications to be using HTTPS, also witnessed by Sally Stitts.

Never noticed this was in the AdSense forum, and the messages probably come from the Search Console anyway -- at least for Sally Stitts, who referenced the verification process. And there's a 2015 Search Engine Land post about the message azlinda received here: [searchengineland.com...]

And there's a 2015 Search Engine Land post about the message azlinda received

2015? Man, and I thought My email was slow!