Google is now sending some webmasters notifications when their SSL/TLS certificates do not match their domain names. The new notification was first spotted by @MediaWyse.
It had the subject, “SSL/TLS certificate does not include domain name,” with the message:
Google has detected that the current SSL/TLS certificate used on [domain] does not include [domain] domain name. This means that your web site is not perceived as secure by some browsers. As a result, many web browsers will block users accessing your site by displaying a security warning message. This is done to protect users browsing behavior from being intercepted by a third party, which can happen on sites that are not secure.
I’d expect to see more flavors of these SSL/TLS warnings from Google and for Google to become stricter about the ranking boost for HTTPS sites.
Currently, HTTPS errors don’t affect whether the site gets an HTTPS ranking boost, even if it isn’t valid; if it is on an HTTPS URL, it would get the boost. But these notifications show two things: (1) Google wants to notify webmasters when there are issues with their SSL/TLS certificates; and (2) Google is aware of it. Meaning, I’d suspect, that in the future, Google will update their HTTPS algorithm to not give the ranking boost for pages that have SSL/TLS issues.
Here is a screen shot of the notification:
Zineb from Google did confirm Google is sending these notifications, saying, “[W]e are now letting users know about issues with their TLS certs.”