SSL for Google?

Hi,

I have had an ecommerce site with an SSL certificate for many years because I have a shopping cart, etc.

However, I want to put up a new website that will not be an ecommerce site so should not need an SSL certificate from that perspective. But I have some vague awareness that Google will not show results for a website that does not offer SSL, whether or not it is an ecommerce site? I see most sites, these days, with https in the url and I assume that it is some form of SSL? Is it the same type of expensive SSL certificate that I need to get for my ecommerce site, or is it a lesser, less expensive type of SSL?

Sorry, but I know very little about this. Thanks.

 

Mainly there are 3 types - domain, organization and extended validated SSLs. Read more here for ex https://www.namecheap.com/security/ssl-certificates/
All hosts offer free domain validated SSLs - from LetsEncrypt or Comodo/cPanel - for Google they are very ok.

 

Thank you! Very helpful!

 

Google WILL index a non-SSL site, HOWEVER over time keyword ranking WILL drop. NOT directly because of Google though.

The real problem began a year ago in July when Google Chrome began BLOCKING all non-SSL sites. Since Chrome has over half of the browser market, that means little or no keyword boosting. When the links in the Google index are not followed, slowly but surely the site will drop in the SERPs eventually dropping low enough that no one can find the pages.

How do I know this? HARD EXPERIENCE. I had no SSL on my site so last July my inquiries FELL OUT OF BED OVERNIGHT. I did not think much of it then as my sales over the last 40 years have ALWAYS tanked in July followed by a terrible August. When inquiries from my site did not pick up in Sep, Oct, Dec, etc I knew SOMETHING was wrong but was UNABLE to find the problem. Finally last May (10-1/2 months after Chrome began shafting me) I found the problem. Took me weeks to get SSL on my site. 24 hours after installing SSL, my inquiries went from 1 to 2 per week to 3 to 5 per DAY. What a RADICAL change!!!

Why did I have no SSL on my site? First, because my site is an information site, not an eCommerce site. Secondly, Google Console said my site had NO SECURITY issues making me think that SSL was a waste of time.

Another thing I noticed is that over the last year my average position in the SERPs had dropped from position 7 on the first page to position 9. If I had not put SSL on eventually I would have completely dropped off of the first page. My click throughs had also dropped from 12% to 10%.

The first thing I did was buy SSL from GoDaddy and install it. DID NOT WORK OUT. I could NOT EVEN ACCESS MY OWN SITE. So, uninstalled it. Then GoDaddy said they could install LetsEncrypt on my site for $175 per year. That is over double what GoDaddy was charging for GoDaddy SSL. GoDaddy would not allow me to install LetsEncrypt myself. After weeks of searching and comparing I finally moved my site off GoDaddy to a host that offered free LetsEncrypt as part of their hosting plan. So far everything is working smoothly and more importantly my sales inquiries AND product sales have increased about 700% since I made the switch. Went from losing money to actually starting to dig myself out of the Google Chrome hole. Google Chrome damn near bankrupted me.

Basically, for UNDER $200 I got 3 years of hosting, SSL, and everything else that I needed. Getting exactly the same thing from GoDaddy would have cost about $900. Upon renewal in three years my cost will double at my new host, but that is still less than HALF of GoDaddy's cost for the same thing. Too early to tell whether I switched to the right hosting company, but even if I didn't I now have time (and money) to move on if need be.

One thing I did learn is that not all SSL certificates are equal. I only needed DV, however MOST DV certificates BLOCK ME FROM ACCESSING MY OWN SITE. The ONLY DV certificate that I could find that would not block me from my site was LetsEncrypt. One downside to using LetsEncrypt is that the certificate must be renewed EVERY 90 DAYS. That can be a pain because if it is not renewed, then the site is no longer SSL enabled. Most hosts have a hands off approach to LetsEncrypt, but there are a few that AUTOMATICALLY renew the certificate as part of the hosting plan. My new host does that for me.

My suggestion is to use LetsEncrypt for DV since it works almost everywhere. If you need EV or OV, you cannot get it from LetsEncrypt. Any other certificate from any other provider will block a significant chunk of visitors, so unless you NEED to go elsewhere, just use LetsEncrypt.

I also suggest that one use a hosting provider that allows LetsEncrypt, or better yet, AUTOMATICALLY renews the LetsEncrypt certificate for you. Not may do this yet, but as time goes on I suspect even a die-hard like GoDaddy will be forced to offer free automatically renewed LetsEncrypt certificates.

Bottom line, DON'T buy an expensive certificate unless you need an EV or OV certificate. LetsEncrypt DV certificates do exactly the same thing as other expensive DV certificates, so no point in buying a DV certificate at all.

 

I route my sites through Cloudflare to secure them. Chrome doesn't block them but I don't really know enough about SSL at the moment to speak to the various certifications that mmerlinn mentions. The sites do get https:// and the method I use is no cost.

 

As of now Https is one of google's ranking factors. If you want your website to rank high on the SERP stick with SSL.

 

Great post above. Very thorough... Agreed, you will get indexed WITHOUT https, but it is known to be a ranking factor. It's worth it.