Welcome to WebmasterWorld Guest from 54.156.92.138

Forum Moderators: incrediBILL & martinibuster

Google and SSL Certificates

Google found a problem with mine!

     
9:07 pm on Jun 16, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:May 29, 2007
posts: 694
votes: 53


I received this from Google:

"SSL/TLS certificate does not include domain name https:// xxx .com/.

To: Webmaster of https:// xxx .com/,

Google has detected that the current SSL/TLS certificate used on https:// xxx .com/ does not include https:// xxx .com/ domain name. This means that your website is not perceived as secure by some browsers. As a result, many web browsers will block users accessing your site by displaying a security warning message. This is done to protect users’ browsing behavior from being intercepted by a third party, which can happen on sites that are not secure."

My site is showing the green lock for every page.

I bought this SSL certificate from GoDaddy for $69 for that specific domain. I'm at a loss as to what to do.
9:31 pm on June 16, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Apr 20, 2017
posts: 217
votes: 37


It's odd that the green pad appears, because, if the SSL cert is not matching the domain name, there should be a warning.

By the way, may be your certificate is not installed correctly, or there might be an issue with the "www" and "non-www" definition.

You can test your site here : [ssllabs.com...] . it should report issues, with more details.

Also, be sure that the email is legitimate. I am sure scammers are sending emails to make people to buy SSL cert from them. (like in the past, it was the came with domain names).
9:34 pm on June 16, 2017 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1487
votes: 192


Your certificate may only be valid for the www subdomain. Usually they make the one certificate valid for both the www subdomain and the naked domain, but perhaps Godaddy did not. It could also be a misconfiguration of the webserver so that a different (unsigned) certificate is server for the naked domain.

Is the site also hosted at Godaddy?

And $69... yikes!
10:22 pm on June 16, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:9284
votes: 449


And $69... yikes!
Danica may need a new car :)
10:48 pm on June 16, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:May 29, 2007
posts: 694
votes: 53


Peter_S, thanks for the link. I will use it.

Robzilla, yes, the site is hosted at GoDaddy also.

Thank you both!
10:52 pm on June 16, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Apr 20, 2017
posts: 217
votes: 37


Peter_S, thanks for the link. I will use it.

You are welcome :)
11:12 pm on June 16, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:May 29, 2007
posts: 694
votes: 53


Peter _S - I ran the test, and I got four A's. I don't know if using CloudFlare makes a difference, but I do use CloudFlare.
11:42 pm on June 16, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:9284
votes: 449


So what did Godaddy and CloudFlare say when you reported this to them?
12:46 am on June 17, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:May 29, 2007
posts: 694
votes: 53


keyplyr, I haven't reported it to them yet. I intend to do that tonight.
1:24 am on June 17, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:9284
votes: 449


Always start with the source :)
9:01 am on June 17, 2017 (gmt 0)

Full Member

Top Contributors Of The Month

joined:Apr 20, 2017
posts: 217
votes: 37


As robzilla and I mentioned it earlier, also, be sure to check that the SSL certificate is valid for both the "www" and "non-www", and configured correctly to answer both.

It's also possible that Cloudflare had a hiccup one day.

And verify the legitimize of the email you received. I assume that the same message should show to your Google Search Console. Also, you can try to "fetch as Google".
11:07 am on June 17, 2017 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1487
votes: 192


And/or see what happens if you open the non-www URL in your browser.
3:38 pm on June 17, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member netmeg is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Mar 30, 2005
posts:12993
votes: 210


#1 I'm running CloudFlare on all my sites, and there's no problem with my SSL certificates.

#2 Please don't pay that much again - SSL certificates are WAY cheaper (even free with some hosting options). When yours is up for renewal, LMK and I'll point you to a few places to check out.

#3 For that price, GoDaddy should certainly give you support on the configuration.

#4 robzilla's suggestion is a good one - make sure your site is properly redirect from non-www to www (or the other way around, depending on whether or not you use the www)
4:17 pm on June 17, 2017 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:May 29, 2003
posts:734
votes: 13


Google found a problem with mine - AS WELL.

Everything was looking good.

I installed the Google authentication code in my index page as instructed by Google.
I then verified the code, and Google said I was good to go.

My pages started showing up as HTTPS, looking good.
My site is also showing the green lock for every page.

I tested my SSL using SSL Labs here -
[ssllabs.com...]
My overall rating is “A”.
Under alternative names, www is also covered.


HOWEVER, today I received an email from Google (and a Search Console message) that says my Cert is NO GOOD,
because it was self-signed. I followed the rapidssl instructions to the letter, noting in particular the warning that
self-signing was NOT a good option, so I carefully avoided the self-signing.
But, apparently, it got screwed up, anyway.
What do I have to do, take a screen shot of EVERY interaction page from rapidssl, to prove I didn’t screw up.
I am told that the only fix is to GET A NEW CERTIFICATE.

How many times must I pay, to get it right?
“Many a slip, twixt cup and lip.” "Indistinguishable from magic."

Here is the redacted email text -
Self signed SSL/TLS certificate for https://www.example.com/

To: Webmaster of https://www.example.com/

Google has detected that the SSL/TLS certificate used on https://www.example.com/ is self-signed, which means that it was issued by your server rather than by a Certificate Authority. Because only Certificate Authorities are considered trusted sources for SSL/TLS certificates, your certificate cannot be trusted by most of the browsers. In addition, a self-signed certificate means that your content is not authenticated, it can be modified, and your user’s data or browsing behavior can be intercepted by a third-party. As a result, many web browsers will block users by displaying a security warning message when your site is accessed. This is done to protect users’ browsing behavior from being intercepted by a third party, which can happen on sites that are not secure.

Recommended Action:

Get a new certificate
To correct this problem, you need to get a new, dedicated SSL/TLS certificate from a trusted Certificate Authority (CA). This certificate must match your complete site URL, or be a wildcard certificate that can be used for multiple subdomains on a domain.
Need more help?

•Learn more about SSL certificate problems.
•Read our article on How to secure your site with HTTPSin our Help Center.
•Ask questions in our forum for more help - mention message type [WNC-example].
5:11 pm on June 17, 2017 (gmt 0)

Administrator from US 

WebmasterWorld Administrator not2easy is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Dec 27, 2006
posts:3410
votes: 173


Referring to the OP here - Is it possible that the host's SSL cert doesn't pass? Godaddy hosting is known for using a non-standard setup that does not function with some standard scripts (unless they've recently evolved). That might cause downstream errors for SSLs? Did you generate your own CSR? Just a thought.
5:51 pm on June 17, 2017 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1487
votes: 192


make sure your site is properly redirect from non-www to www (or the other way around, depending on whether or not you use the www)

Always a good idea, but not what I was suggesting. The redirect wouldn't even work if the certificate for the non-www is invalid (or the other way around). However, if it does work in the browser, then it shouldn't be a problem for Googlebot either.

Note that when you use Cloudflare, it's Cloudflare that handles encryption for your domain; you wouldn't even have to buy your own certificate.
6:43 pm on June 17, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:9284
votes: 449


Sally Stitts and azlinda may in fact be experiencing the same issue regarding what Google deems a valid SSL certificate.

Wonder if azlinda's Godaddy cert is self-signed as well?

The free certs from Lets Encrypt [letsencrypt.org] work well. In fact they are recommended by Google in one of their tuts on HTTPS.
10:30 pm on June 17, 2017 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1487
votes: 192


Wonder if azlinda's Godaddy cert is self-signed as well?

I doubt Godaddy issues self-signed certs, but not sure it would matter either: if all traffic passes through Cloudflare, as seems to be the case for azlinda, the users never see that $69 certificate, only Cloudflare's.
10:33 pm on June 17, 2017 (gmt 0)

Preferred Member

10+ Year Member

joined:Mar 10, 2004
posts: 425
votes: 23


What's the Adsense part of this topic?
11:22 pm on June 17, 2017 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member lucy24 is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Apr 9, 2011
posts:13923
votes: 496


I doubt Godaddy issues self-signed certs

It's not completely unthinkable. When you go to https with my host (not Godaddy) they start out with a self-signed certificate while waiting for the real one to propagate. Is it possible Google saw something they weren't meant to see?
11:39 pm on June 17, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:9284
votes: 449


What's the Adsense part of this topic?
Presumably, in the OP azlinda received notification that her cert was not in compliance with Adsense qualifications to be using HTTPS, also witnessed by Sally Stitts.
12:41 pm on June 18, 2017 (gmt 0)

Senior Member from NL 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Sept 25, 2005
posts:1487
votes: 192


Never noticed this was in the AdSense forum, and the messages probably come from the Search Console anyway -- at least for Sally Stitts, who referenced the verification process. And there's a 2015 Search Engine Land post about the message azlinda received here: [searchengineland.com...]
7:52 pm on June 18, 2017 (gmt 0)

Moderator from US 

WebmasterWorld Administrator keyplyr is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 26, 2001
posts:9284
votes: 449


And there's a 2015 Search Engine Land post about the message azlinda received
2015? Man, and I thought My email was slow!