Mixed up URLs following SSL certificate


(LJ) #1

This query is about 2 of my sites: kingsmileflorist.co.uk (a retail florist) and gate-safe.org (a safe gate educational charity)

6 weeks back I moved kingsmileflorist.co.uk from http to https as I was adding e-commerce. I left it on my shared server with about 45 sites using the same IP address - as is normal for reseller packages.

Almost immediately, google search picked up the second site (gate-safe.org), incorrectly added an https to it, and then mixed up browser titles and description tags between the 2 sites. Here’s an example:

So, when searching for Kings Mile Florist in Canterbury, instead of the proper URL coming up, Google would show a load of these jumbled search results all with https://gate-safe.org which does not exist as a secure site.

Eventually I realised this was because the newly secured florist site needed it’s own IP address and I added this very quickly. Apparently this shouldn’t be the case but the SNI software that allows separate sites on the same IP address can cause this problem when using a single SSL certificate.

Within a week the proper URL appeared in search results again. However, 5-6 weeks later and Google is still showing both the proper URL and the mixed up one very high in the search results - which is damaging to both the florist and the charity as of course it looks ridiculous.

Is there any way of getting this manually removed? As an aside, the problem does not happen with Bing - only Google


(Doobox Software) #2

So the gate-safe site is http only?

If thats the case, I am not even going to wonder how Google is picking up the https links, but just show you a solution.

In the htaccess file for the gate-safe website just add these lines, that will redirect any https requests to http, and then both http and https links will work.

RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]

If your not sure about where to find htaccess file let us know, me or someone else can do step by step.

Note: Even with this in place, if someone tries to access one of your http pages on the site using an https link, as the site does not have an ssl certificate they will still get a warning in the browser informing them that the site they are trying to access does not have a valid certificate, but at least they’ll get there. As the warning is triggered before the htaccess is read.

Best bet. talk to your host, and find out what the hell’s going on. This seems really weird setup.


(LJ) #3

That’s a good point - thanks - I’ll add the htaccess to the gatesafe site shortly. Fortunately however, the mixed up URL only gets returned for a kings mile florist search - not for a gate safe one - at least it’s not high in the results.

It is very weird and my hosting company (who are always 10/10) have scratched their heads over it. It appears the problem lies with the SNI (Server Name Indication) software which attempts to identify the correct hostname and thus allow multiple certificates on one IP address. However, there was also a mistake in my htaccess script on the kingsmile site which may originally have had something to do with it.

One clear lesson is ALWAYS stick an SSL site on it’s own IP address! For £10 per annum it’s a small price to pay!