Google continues to force users move their websites under SSL certificates. To improve security or to get more money from paid ones? That’s not the point, as in any way setting up SSL for your website is definitely a good idea. It’s not just about a green bar to the left of your address & search bar, but also one of the necessary security measures to be sure that your data won’t be stolen by anyone.

The beginning of HTTPS era

Around 3 years ago, Google’s search engine started to give some so-called “search privileges” for websites with enabled HTTPS connection. In other words your search results more likely showed websites with SSL certificates. Besides that they were more likely to be in the top of it.
As they said: “Over the past few months we’ve been running tests taking into account whether sites use secure and encrypted connections as a signal in our search ranking algorithms. We’ve seen positive results, so we’re starting to use HTTPS as a ranking signal. For now it’s only a very lightweight signal – affecting fewer than 1% of global queries, and carrying less weight than other signals such as high-quality content…” You can read about this in their blog.

HTTP / HTTPS policy nowadays

And here comes a rumble! Starting from July 2018, Google Chrome will mark all non-HTTPS websites as insecure, just like they planned in September 2016.
Starting with Chrome 68, when you visit a website that uses old, boring, insecure and just really not interesting HTTP connection, your Google Chrome browser will show “Not secure” message to the left of your search & address bar.
Chrome‘s new interface will help users understand that all HTTP sites are not secure. We’ll continue to move the web toward a secure HTTPS web by default.” – Google explained.
On this picture you can see how users will be alerted on non-SSL websites.
On the picture above you can see how users will be alerted.

SSL certificates that are no more in Google’s disgrace

More than that beginning from Chrome 66, that Google is going to release in April this year, when entering the sites with Symantec certificates issued before June 1st 2016 and after December 1st 2017 (and also if they are used as root ones – such certificates were issued by Thawte, GeoTrust and RapidSSL), Chrome will show a warning about insecure connection.
And beginning from Chrome 70, released in November this year, all Symantec certificates will get in Google’s disgrace. Mozilla corporation will add the same behavior to Firefox starting from version 60 (releasing in May 2018).

Good to know

Based on the information from StatCounter Chrome browser holds ~56% of the global browser market across all mobile and desktop platforms. So those websites, which will get under Google’s “Not securе” label, will be in kind-of-a-trouble. Why? Because a great army of Chrome users very likely will notice that. It’s hard to earn trust and confidence, but it’s very easy to lose, especially when one of the biggest world’s conglomerates says that users cannot trust your website anymore. 🙁
By the way, according to Google statistics: 81 from 100 top websites use HTTPS by default; over 68% of Chrome traffic on Android and Windows occurs over HTTPS; over 78% of Chrome traffic on Chrome OS and macOS and iOS surfs the net securely.
If your website is still working without SSL certificate you should think about getting one and installing it! And you should do that quickly if you don’t want to lose majority of networks traffic. By the way, in one of our previous posts we’ve shared an Ansible playbook for fully automated setup of free Let’sEncrypt certificate on your website. Go check it out!
We’ve have also developed a script for automated update of LetsEncrypt SSL. It will automatically trigger the updates process when the cert is going to expire. Contact us if you’re wondering how it works or you just want to use it!

The Author