Google has been crawling sites via HTTPS for some time. However, more recently Google has changed some messaging in their Google Webmaster Tools, relating to sites that use SSL. This change has caused some confusion. We want to reassure you nothing is broken or insecure on your website, and your viewers will not see any ill effects.
If you are not using SSL, or have a custom certificate that matches your domain, your site should not be affected (although it is still possible you have received a notification from Google Webmaster Tools). The message includes a warning that your site host name does not match your SSL certificate subject name.
Nothing has changed recently in the WP Engine configuration with regard to SSL certificates, and it’s important to understand that Google is not saying that your site is insecure. Rather, they are saying that the SSL certificate does not match your domain name.
This is because WP Engine provides a wildcard SSL certificate for all wpengine.com subdomains. For most sites, this is not affecting normal browsing, although you may see a warning in your browser if you attempt to view your site via HTTPS.
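The mismatch comes down to how a client compares the hostname it requested with the names in the certificate it was served. As an added example (not WP Engine's or Google's code), this Python sketch applies a simplified form of the usual wildcard rule, where `*` is honoured only as the whole left-most label and covers exactly one label; `mysite.wpengine.com` and `www.example.com` are constructed sample hostnames.

```python
def name_matches(pattern: str, hostname: str) -> bool:
    """Compare one certificate DNS name with a requested hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard never spans dots, so the label counts must agree.
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        rest = p_labels[1:]
        # Reject overly broad patterns such as "*.com" or "*.*.com".
        if len(rest) < 2 or any("*" in label for label in rest):
            return False
        return bool(h_labels[0]) and rest == h_labels[1:]
    # Wildcards anywhere else (e.g. "w*.example.com") are not honoured here.
    if any("*" in label for label in p_labels):
        return False
    return p_labels == h_labels


def certificate_covers(cert_names, hostname: str) -> bool:
    """True if any name in the certificate matches the hostname."""
    return any(name_matches(name, hostname) for name in cert_names)


def audit(cert_names, hostnames):
    """Map each hostname to 'ok' or 'mismatch' for the given certificate."""
    return {
        host: "ok" if certificate_covers(cert_names, host) else "mismatch"
        for host in hostnames
    }


# Constructed sample data: the shared wildcard certificate and the
# hostnames a crawler might request over HTTPS.
WILDCARD_CERT = ["*.wpengine.com"]
REQUESTED = ["mysite.wpengine.com", "www.example.com", "wpengine.com"]

if __name__ == "__main__":
    for host, result in audit(WILDCARD_CERT, REQUESTED).items():
        print(f"{host:25} {result}")
```
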
Please rest assured, we’ll keep working towards a solution that does not generate these emails, and we will update you as soon as anything changes.
Note: If you would like to refresh your understanding of HTTPS & SSL, please see our Support Garage article.
Looks like this is related to my unresolved ticket from a few days ago (212903). What about sites that do have SSL certificates – why are they still showing the *wpengine.com certificate and getting the email from Google?
Max,
Unfortunately, since there are links out there to your site’s *.wpengine.com domain, Google’s crawlers are also trying to verify the SSL certificate for this domain as well. In order to redirect to your primary domain, the system has to negotiate an SSL connection via the *.wpengine.com certificate (which is appropriate for the domain the request came in on), and thus there’s again a mismatch between the site’s domain and the site’s certificate, which generates the warning in Google Webmaster Toolkit.
Our engineering team is actively working on some ways to know which certificate is the correct one to serve, but we wanted to try to clear things up for folks now while we continue working on a solution and discussing this with Google.
There has been talk recently (especially in SEO circles) about advantages of converting a site fully to https. I’m curious if that is also something WP Engine is working towards, or if we could already do so. I don’t have the need to yet, but I’m sure if that’s the case, it will come up sometime down the road. 🙂 Thanks.
Steve,
We’re definitely paying close attention to the SEO discussions around HTTPS. It’s still unclear how that’s all going to play out, but we’re preparing to support our customers’ needs.
We don’t recommend people move their whole site behind HTTPS at this point in time, as there is still a lot of ambiguity on what the SEO impact on that would be, but if it’s something you need for your business, we can support your site even if it’s all SSL.