Categories: Crawling, indexing & ranking :

Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site?

Showing 1-9 of 9 messages
Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site? Gabriel (gbl08ma) 4/30/14 11:43 AM
I have read the FAQs and checked for similar issues: yes, I found similar issues, but none quite like this...

I just received a message from Webmaster Tools saying that the "Site host name, https://accounts.tny.im, does not match your SSL certificate Subject Name".
I have the top domain tny.im registered on webmaster tools. tny.im has a proper SSL certificate, correctly configured, and is hosted on a server of mine. accounts.tny.im, however, is on the free OpenShift tier, and as such I can't configure a custom SSL certficate on it.
On tny.im (and everywhere else I control), I do not link to accounts.tny.im over https. All links are http://, and this is on purpose: accounts.tny.im can't be served over HTTPS, precisely to avoid the mismatch between rhcloud's common certificate and the custom domain name.
I can't tell OpenShift to stop serving accounts.tny.im over HTTPS, either (well, I could make some changes to the code, to have it not serve the page over HTTPS... but the server would still listen on 443, possibly causing other problems with Googlebot?).

accounts.tny.im will eventually be moved to its own server and I'll get a cert for it, but this is not the case right now.

How can I make Google ignore that accounts.tny.im can be accessed through HTTPS, in order to avoid this situation? I'm afraid of getting that site marked as insecure or something because of this mismatch, which only happened because Google apparently decided it was a good idea to test HTTPS access.
Re: Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site? Robbo 4/30/14 5:29 PM


Hi

If you are able to update the .htaccess in the root of your domain on the Apache server, you should be able to set up a conditional permanent redirect (301).

Basically, in the htaccess, you have a few lines of code which checks whether the request is made using https, and if so 301 redirects the request to the same URL but using http.


Robbo
Re: Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site? Gabriel (gbl08ma) 5/1/14 2:57 AM
I tried to put up such a redirect on the htaccess. Unfortunately I can't make it work, perhaps there are some other settings set on OpenShift that I can't control and stop my mod_rewrite rules from working.

Even if I could make it work, since the HTTPS handshake and cert verification takes place before the redirect (I think), won't Google still complain?

I just received another email saying the same thing as yesterday's. This isn't nice, especially if Webmaster Tools decides to spam my inbox every day...
Re: Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site? Robbo 5/1/14 3:34 AM


The method I proposed usually works OK in terms of ensuring that https URLs are not indexed instead of http.


I cannot see the 403 that you are referring to, and I'm not sure at what point Google detects the mismatch.


But note that it is NOT google that generates the 403 -  response codes come from your server.   So under what precise circumstances is the 403 generated? 
Re: Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site? Gabriel (gbl08ma) 5/1/14 7:49 AM
Of course you can't see the redirect. The rewriting rules are there, but as I said on my previous reply, "Unfortunately I can't make it work". Rules set by the OpenShift system must be overriding/conflicting with my rules, because on a "normal" Apache test instance they work. I can't find any information that says .htaccess doesn't work on OpenShift, in fact I only find the opposite (documentation saying it does work), and in fact most rules seem to work.

And I know response codes come from the server, and not the client (googlebot in this case).
Re: Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site? PamS1234 5/2/14 5:51 AM
Hi Gabriel and Robbo,

I have two sites that are doing exactly the same thing. Google has sent us the message and has even taken it as far as to index and consider our homepage more relevant with the https than the http version. 

So Robbo, you are saying to just 301 the https://www.mysite.com/     to    http://www.mysite.com/   ?

I certainly do not want to mess anything up with our site and that sounds like a big deal to do something like that, especially when we do not know the outcome.  I have set in place the canoical = http://www.mysite.com" letting Google know I consider that page more relevant, but not sure if that is gonna work. I have also heard that a lot of people are experiencing this issue. Is that true?


Re: Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site? PamS1234 5/2/14 3:31 PM
Has anyone else experienced this in the last week or so?

Re: Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site? Robbo 5/2/14 4:07 PM


My understanding is that what has changed recently bis that google is notifying webmasters of the anomaly - i.e. the issue itself has been there in the background all along.


I have a site which has a 3 https pages and the rest of the pages are http.

I enforce the mode of access (including crawl) using a combination of htaccess and PHP .

But the details of sites differ so I am hesitant about being too prescriptive about the "best" way for anyone else's site.


If your domain has a valid SSL certificate and can be accessed with http and with https, it should be possible to enforce the way you want it.
Re: Site host name and SSL cert subject name mismatch - how to tell Google not to crawl HTTPS site? Robbo 5/2/14 4:15 PM
Pam

If you do decide to use 301 redirection to enforce http, make you do it so  that each individual page is redirected (ie do NOT redirect all https requests to the home page., but rather to each specific page.


if you need further help, it would be better to open your own thread as we generally deal with sites separately to avoid confusion.