|[WMT-39400] Squarespace Sites and SSL certificate Subject Name||Johnny Blood||5/1/14 5:03 AM|
I've read the FAQs and searched the help center.
My URL is: http://www.toddklassy.com
I received an email from Google stating that the host name of my site [https://www.toddklassy.com] does not match any of the "Subject Names" in my SSL certificate, which were:
I'm told as a result, many web browsers will block users from accessing my site, or display a security warning message when your site is accessed.
According to Squarespace, the company that hosts my website, Squarespace doe not support SSL certificates on the custom domain and there is no way to fix this on the domain level.
What do I need to do?
|Re: [WMT-39400] Squarespace Sites and SSL certificate Subject Name||Hannah R Adams||5/1/14 5:28 AM|
I have the same issue Todd and have started another thread so will be interested to read any answers. As an aside, I clicked through to your site from the UK with no problem. Beautiful images!
|Re: [WMT-39400] Squarespace Sites and SSL certificate Subject Name||JohnMu||5/1/14 7:46 AM|
It looks like our crawlers ran across that HTTPS page on your website, and when trying to crawl it noticed that the certificate wasn't correct. If you're trying to serve your users on that URL, then this is something you need to resolve.
If you're currently not using that HTTPS part of your website at all, then this is not a critical issue. At some point it might be worth talking with your hosters about just turning off the HTTPS part completely or redirecting it to your HTTP website. If nobody is using that part of your website, then again, that's not a critical issue. Another alternative - especially if you think that your users might appreciate a secure connection to your website - might be to take this as a subtle sign and to move your website from HTTP to HTTPS (using a valid certificate). A move like that isn't always trivial though, so if you'd like to head in that direction, it's often worth getting help.
|Re: [WMT-39400] Squarespace Sites and SSL certificate Subject Name||JohnMu||5/1/14 7:47 AM|
Just wanted to add that I agree about the photos :-)
|Re: [WMT-39400] Squarespace Sites and SSL certificate Subject Name||Johnny Blood||5/2/14 6:52 PM|
Thank you for your kind comments and assistance.
I checked with Squarespace and they said there isn't a way to redirect https to http versions of their hosted sites. They said I would need to go through the process of removing the https version that Google has so people don't get the error message when they visit my site.
BUT HERE'S THE PROBLEM...when I try to remove https://www.toddklassy.com Google analyzes that domain and then tells me, "The content is still live on the web. Before Google can remove it from our search results, the site owner needs to take down or update the content."
So what am I supposed to do??? I can't remove my HTTPS domain. And I'm still concerned what this does to my HTTP website and content and its current rankings and how Google sees it.
|Re: [WMT-39400] Squarespace Sites and SSL certificate Subject Name||JohnMu||5/3/14 8:11 AM|
No -- please don't request site removal of the HTTPS version. That would remove your whole website (both HTTP and HTTPS). That's almost certainly not what you want to do. If you don't have a proper HTTPS version, then the best thing to do would be not to serve anything on HTTPS. If none of your users ever go to the HTTPS version, then that's not critical (but those who might get there accidentally would see a scary warning in their browser).
Feel free to point your hosters to this thread if they have any questions! As far as I can tell, at the moment you don't need to do anything urgently, and again, please don't request removal of the HTTPS site if you want to keep the other version in search.
|Re: [WMT-39400] Squarespace Sites and SSL certificate Subject Name||Johnny Blood||5/3/14 10:55 AM|
Funny, Squarespace is encouraging me to remove it. I'm glad I asked.
|Re: [WMT-39400] Squarespace Sites and SSL certificate Subject Name||RyanJones||5/5/14 7:59 AM|
Curious, what would happen if somebody robots.txt blocked HTTPS but not http? Same thing?
The reason I ask, is I have some clients who refuse to allow any server side scripting or .htaccess files on their server for what I think are terrible "security reasons" - making 301 redirects virtually impossible.
Also of note, putting a canonical on your https version that points to your http version - does NOT work. I've tried/tested that. Google still shows the https version.