Google warning - regarding SSL config


(Edward) #1

I have a working cloudways letsencrypt.org SSL certificate for roofvents.com, and it gets an A+ rating from SSL Labs However, it does not support “non-SNI” browsers, which is what Google uses to check SSL certificates. Therefore, Google sees my certificate as “Self-Signed” and sent the following error:

To: Webmaster of https :// roofvents .com/

Google has detected that the SSL/TLS certificate used on https:// roofvents. com/ is self-signed, which means that it was issued by your server rather than by a Certificate Authority. Because only Certificate Authorities are considered trusted sources for SSL/TLS certificates, your certificate cannot be trusted by most of the browsers. In addition, a self-signed certificate means that your content is not authenticated, it can be modified, and your user’s data or browsing behavior can be intercepted by a third-party. As a result, many web browsers will block users by displaying a security warning message when your site is accessed. This is done to protect users’ browsing behavior from being intercepted by a third party, which can happen on sites that are not secure.

If you have already replaced your TLS certificate, you can ignore this message. Thank you for making your website safer for your users.

This is bogus, but Google counts SSL scores in site ranking. This could not be fixed for shared hosts, but the cloudways IPs are not shared, are they? The IP address of my server is only my IP address, so it could be configured to use my letsencrypt SSL certificate for the fixed IP of that server, I have no other applications on it. Can Cloudways support do this for me, or can I get the root password for my server so I can do it? Please let me know. I’m also curious how other admins have dealt with this, and if other s have gotten this message and ignored it. I searched but didn’t find this topic.


(Gulshan Kumar) #2

This may be a temporary issue due to missing SSL for a moment. It shouldn’t come again.


(Edward) #3

Thank you. Just after I wrote this, I realized I had not set the default app for the server. I have done that now, so even a non-SNI capable browser (Which I learned includes Google’s bot) should see the proper SSL certificate. We’ll see if this works. I’ve been looking for a way to test this from my windows machine, and haven’t found a good solution. If you have a suggestion (a browser simulation, or very old browser I can download) I’d appreciate it.


(Gulshan Kumar) #4

You can check here https://www.ssllabs.com/ssltest/


(Edward) #5

Yes, I have checked there, and my rating is A+, but there are still browsers that show “No SNI”, and show red, which could mean that the browser is getting only a “Self-signed” certificate, rather than the proper one. I would still like to test what an old browser, and the Googlebot sees.


(Gulshan Kumar) #6

Try Fetch as Googlebot using Search Console.


(Edward Bernstein) #7

Ah! That’s what I was looking for! Thank You!