Estimated reading time: 3 minutes
Google decided not to trust certain SSL certificates and they set a cutoff date that is approaching soon. We advise everyone to do the following easy steps to see if your site is affected. The resolution is a simple support ticket to get the SSL reissued, followed by a couple of emails.
NOTE: Chrome 70 is the version that will “Distrust” certain GeoTrust & Symantec SSL certificates but is currently not scheduled to be released until September 2018.
How to check your SSL:
- Use your Chrome browser on a computer and open up your website in secure mode (HTTPS).
- Now open Developer Tools (Windows click F12, Mac Command+Shift+i)
- and select the “Console” link/tab.
- If you see warnings like this “The SSL certificate used to load resources from https://YOURSITE.com will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.” ** YOURSITE.COM is a placeholder. This is where it would say your actual domain name.
- If you see warnings for other sites but not yours, you’re ok.
If your SSL is affected:
- If your site is hosted with Miva open a support ticket with them here: https://support.miva.com/supportsuite/index.php?/Tickets/Submit and you can use this as your message:
Hi Miva Support:
Our site _______YOUR DOMAIN NAME_________ is a affected by Google’s distrusted SSLs. We get the following error in the console on Chrome:
“The SSL certificate used to load resources will be distrusted in M70. Once distrusted, users will be prevented from loading these resources. See https://g.co/chrome/symantecpkicerts for more information.”
Can we start the process to re-issue our SSL please?
Billing CC: __CREDIT CARD TYPE__ ending in ####
YOUR DOMAIN NAME
YOUR COMPANY NAME
- If you do not know who hosts your site or would like us to help please open a support ticket with us by sending an email to firstname.lastname@example.org
9/2018 UPDATE: Google Search Console Notifications:
Google Search Console has been sending out notice indicating: ‘SSL/TLS certificate needs to be replaced”
If you have already corrected this problem, you can ignore this message. Thank you for making your website safer for your users.
To fix this problem:
Replace the SSL/TLS certificate
If you run your server: Contact your CA to obtain a new certificate and install it on your server. Follow the instructions from DigiCert, who is managing the transition for all affected Symantec customers. If you purchased your certificate through a third-party reseller, rather than Symantec, you may need to contact that reseller to obtain your replacement certificate free of charge.
If you don’t run your server: Contact your hosting provider to resolve the issue. Tell your hosting provider that the SSL/TLS certificate for your site is distrusted and needs to be renewed.
Here is an additional link Search Console provides. Replace Your Symantec SSL/TLS Certificates
GoDaddy uses Starfield as their certificate authority (CA) and is passing the tests. You can run verify your site at Why Not Padlock which will provide you additional information on your certificate.
June 2019 Update:
This is a very good article to read though as well by Amir Farid: HTTP to HTTPS Migration The Definitive Guide