Remove HTTPS site from Google search index because users are getting a certificate error

google-search-console web-hosting https google-index iis

7,948

Solution 1

I'm very surprised that Google is indexing the HTTPS pages with a broken certificate. Google usually prefers the HTTPS site if they both work, but I've never seen it prefer HTTPS when there is a broken cert.

Another solution would be to implement rel canonical link tags that point to the HTTP version. Every page on your site should have a tag pointing to its HTTP URL:

<link rel="canonical" href="http://example.com/my/page.html">

Once those tags are in place they would tell Google that the URL for the page that should be indexed is the HTTP version. One of my sites uses these tags pointing to HTTP. Google indexes the HTTP version.

Solution 2

If you want Google to drop the https version from SERPs, you either need to do 301 redirect to proper site or throw 404s for https requests.

Redirects are somewhat better, because your users will get what they want even if trying to access your site via https links. "Somewhat" because your goal should be to move your site to https only, and 301 http.

Best case would be to launch mirror version of your website on https, add canonical tags to http pages (pointing to their counterparts on https), then, after googlebot takes notice of canonicals, do hard 301.

Solution 3

So, Google has indexed your website pages with HTTPS, which means your are either using a shared hosting with HTTPS or else you might have used a self -signed SSL certificate on your server.

HTTPS decreases website speed is just a myth, but actually, it increases website speed compared to its HTTP version. Take the HTTP vs HTTPS speed test.

Check your Configuration, if there is any SSL installed in your shared hosting then you must either remove it or else convert all your HTTP URLs into HTTPS.

If you have used any Self-signed SSL certificate, then remove it from your server, get an SSL certificate from a Trusted SSL certificate Authority and install it on your server.

Make sure to apply 301 rediertion.

Solution 4

It would be much smarter to fix the certificate for secured sockets than removing it from analytics and there are many ssl options that are free such as certbot.eff.org which lets you run on many platforms for free. I’m unsure about IIS since that is outdated windows technology that isn’t recommended these days. If you have asp pages I’d recommend migrating to WordPress or if you have need to have more programming than that then use PHP. Happy coding

Solution 5

I found this question because I have the same exact issue, with the same exact webhost, media temple. This seems to happen a lot with their service, but they consistently deny it has anything to do with them or their configuration.

Anyway, I'm correcting by adding the canonical URLs to the head of my documents, and I recommend you do the same.

Edit: Whoever 'corrected' my wording, please don't. Your 'correction' was incorrect.

View more solutions

7,948

rumi

Updated on September 18, 2022

Comments

rumi over 1 year

We have a busy website where we never used SSL. Recently its indexed by Google as https://www.example.com. The users are getting security certificate errors.

In google webmaster tools we can only remove the relative URL. For example, any thing after http://www.example.com.

I am using IIS 6.0 to host the site .net website.

I have seen similar posts here and there and almost all of them recommend a redirect. I don't want to set up a redirect as it will slow down the site loading. I guess I would also need to setup a new website on IIS with HTTPS protocol and then do the redirect to HTTP site?
- Stephen Ostermiller over 7 years
  
  It sounds like your server is actually running HTTPS protocol already. If it weren't, the site wouldn't work at all under HTTPS. You must have some default SSL configuration install such as a self-signed certificate. That would explain the errors to users while still serving the content to users (or crawlers) that are willing to ignore scary security warnings.
- Arne Kröger over 7 years
  
  It would be far more valuable to you and easier to fix your certificate problem.
- MrWhite over 7 years
  
  "In google webmaster tools we can only remove the relative URL." - Yes, but you should verify the property for https://www... - then it's a relative URL on that property. However, you probably don't want to "remove" these URLs, unless perhaps the non-HTTPS page is already indexed.
- SnakeDoc over 7 years
  
  You say you have a busy website. Buy yourself a $9.99 per year SSL Cert from NameCheap or something similar, and be done with it!
- jpmc26 over 7 years
  
  HTTPS is usually not enough overhead to avoid using it, and the privacy gains are enormous. And it's basically required if you handle any sensitive info, including passwords. How many requests per second do you get?
MrWhite over 7 years

"Redirects are somewhat better, because your users will get what they want" - although the user will still first see the browser's invalid certificate warning.
Stephen Ostermiller over 7 years

Only until Google updates the index and stops sending visitors to HTTPS. 301 redirects will cause Googlebot to stop indexing the HTTPS version soon.
riseagainst over 7 years

Not completely related to the question, but for what reason would you have both http and https (I'm asking because I truly don't know). Are there any issues in just 301 all pages?
user630 about 7 years

@riseagainst imagine you run a hosted blog platform on myblogservice.com. Every blog URL is something like userblog.blogservice.com, and you secure them all with a single wildcard cert. Of course some bloggers want a custom domain, which you can accomplish easily by having them add a CNAME record on www.userblog.com pointing to userblog.blogservice.com. But now, if a blog reader goes to https:// www.userblog.com, the server will try to serve the connection using the *.blogservice.com cert, causing the name mismatch error. But a 301 would ruin the 'custom domain' experience.