Optimal SSL Solution?
-
I am in the process of moving all of my client's websites to HTTPS. I have a client with an SSL certificate through GoDaddy for an e-commerce site, and my host WP Engine offers them for $50/year each. This has been fine, but now I am trying to move about a dozen sites over and I'm just trying to figure out the best, most ideal way possible to do this. I could just go through WP Engine and pay them for the certificates, but after doing research on different SSL providers, I've totally confused myself. I have seen a wide range of prices for certificates, but I can't tell if it's just BS or there is actual value. I'm talking about a $10 certificate vs a $250 certificate through Symantec.
Aside from that, I have found a few different types of certificates: single domain certificates, wild-card certificates for subdomains, and a multi-domain certificate. I would love to buy one multi-domain certificate that covers all of my websites - but I'm not sure what the pros and cons are of doing this, specifically in regards to SEO. Can anyone explain what the pros and cons are for these in my specific situation?
I'd love to hear any recommendations for my situation, and if there is something else I am missing that is important, please share!
-
By the way, I buy my certificates here: https://www.namecheap.com/
In my opinion from a visitor perspective, to move in and out of ssl during a visit is bad; they would notice something is changing and average visitor wouldn't understand. So I would go for a 100% https. If you google about it you will find a lot of testimonial saying moving everything from http to https didn't have much impact in terms of performance. In my opinion the bad name of https is all coming from ages ago when protocols and hardware were not very good at managing it.
-
I probably had at least 5 more phone calls with people about SSL yesterday after I posted here. Ends up WP Engine overestimated the time, and they think it'll add less than half a second which I can deal with. I also learned that the certificate won't really affect speed.
I decided to allow my clients to choose which route they want to go with, a $50 SV from GeoTrust, a $300 EV from GeoTrust, or a $1000 EV from Symantec. I explained to them the main difference between the $300 vs $1000 option is really just the name, and how visitors trust the brands.
My next dilemma is whether or not to go 100% HTTPS. I am leaning towards it - I just don't know if it's overkill or not. I'm assuming 100% is the long-term ideal route. If, for example, I have an e-mail opt-in in the footer or sidebar of all my pages, I guess it'd be best to secure all of the pages then. I'm assuming the only negative is a possible reduction in load time?
Thanks a lot for the awesome responses. I really feel like I'm getting a much clearer picture of this whole situation.
-
How much you pay for the certificate has nothing to do with performance.
Google doesn't want your website to load under .25 seconds, they never gave a specific number above which they penalize or below which they prize. The general consensus is a TTFB (time to first byte) below 1s is ok, below .5s is great.
Keepalive is standard for browsers and servers these days, page load under https will be affected only by the initial handshake.
I never used wpengine, I have no idea how https is going to impact a website hosted on their platform, they should know if they have other customers who moved.
In my experience with the websites I moved from http to https the performance didn't degrade at all, both TTFB and full page load stayed the same, TTFB under .4s and page load below 5s; but no one of these websites were using either WP or shared hosting.
-
Thank you very much for that response, and for the links. I just finished reading through that Moz article in it's entirety. Between that and your response, I agree that the EV sounds like the ideal certificate to go with. Now here are my new questions:
Now I want to get an EV Certificate and I want to go 100% HTTPS site-wide, as these seem to be the most ideal combination, especially long-term for SEO. I just finished a long phone call with WP Engine regarding this situation. While they resell RapidSSL Certificates, they do not offer EVs. I can still buy one from someone else and bring it over though. When I told him I want to go 100% HTTPS, they told me they can help me but it will add an increased load time because the site needs to make the handshake everytime a page loads. Right now my site loads at .1 seconds (WP Engine rocks!) and I don't really care if it doubles with 100% HTTPS. However, he told me it will add 1-2 seconds. That sounds like a lot to me. We went back and forth on this alot, but he stuck to it that generally it will add 1-2 seconds.
I noticed that Symantec sells $1500/yr SSL Certificates. The higher up you go in the tiers, the faster the speed, at least they claim. In this case, does this mean if I want my site to still load at .1 seconds with 100% HTTPS I have to pay $1500/yr? If so, that leads me to this question: how is it possible that Google wants your site to load under .25 seconds, yet they want your site to be 100% HTTPS? I mean, if I have to pay $1500, it is what it is, and that will definitely separate the big boys from everyone else - and my clients might be fine with that. But something else is leading me to believe that something in this overall equation is not right - I must be missing something or have something wrong here.
-
10$ vs 250$, the only differences are the brand selling them and their customer service, the brand theoretically affect conversions, if you believe your visitors are going to check the certificate authority and trust one more than another, I don't and I wouldn't go for the more expensive.
But I would go for the EV certificates, just because the browsers will show the website company name just before the url, and I have the impression that does instill trust. But it's just my opinion and googling around you can find opposite views on the subject.
single domain, wildcard or multi-domain, again from a technical perspective are all the same; multi-domain sounds very attractive but do have few drawbacks, first whenever a user check the certificate only one company name and one domain is listed, for all domains the details will be the same; furthermore (and more important) to use UCC certificates you also need a webserver supporting SNI, not all web servers do, and last but not least you need visitors using browsers supporting SNI (which rules out anyone still using windows XP and anyone with old browser versions)
with regard to SEO, are all the same, it's not the certificate by itself which matters, but to follow the right procedure when moving from non-ssl to ssl: http://moz.com/blog/seo-tips-https-ssl
Got a burning SEO question?
Subscribe to Moz Pro to gain full access to Q&A, answer questions, and ask your own.
Browse Questions
Explore more categories
-
Moz Tools
Chat with the community about the Moz tools.
-
SEO Tactics
Discuss the SEO process with fellow marketers
-
Community
Discuss industry events, jobs, and news!
-
Digital Marketing
Chat about tactics outside of SEO
-
Research & Trends
Dive into research and trends in the search industry.
-
Support
Connect on product support and feature requests.
Related Questions
-
If I optimize for a long tailed keyword, will I also catch the short keywords within it?
Say my long tailed keyword has three words in it that I also consider keywords. Will I catch the searches for those short keywords, or just the long tailed keyword phrase?
Algorithm Updates | | Scratch_MM0 -
Does my website need the SSL Cert / HTTPS Update?
So, I own a car shipping company called Car Shipping Carriers ( www.carshippingcarriers.com ) and I am trying to find out if I need the SSL Cert / HTTPS for the site. I attached a picture that shows I dropped a HUGE amount of rank back in the beginning of August 2014 and that the SSL/HTTPS update happened at nearly the exact same time. I do have a quote box on my website asking for: Name, Phone, Email, Origin, Destination, Move Date, Year/Make/Model of Vehicle, and Carrier Type. I was unsure if I needed the HTTPS because I am not asking for sensitive data, but it seems that I might need to bite the bullet and update the site to HTTPS. What do you all think? Any expert opinion and/or advice? JWV4N1o
Algorithm Updates | | Dutko23850 -
What is the best SEO solution for pagination?
Dear all, What is the best SEO solution for pagination? for example, what code do I need to put on these individual pages? /page-1 /page-2 /page-3 (final page) Thanks!
Algorithm Updates | | HMK-NL0 -
Google+ Local Optimization
What are the recommended ways to optimize the Google+ places page for clients. Do services like louder voice and customer lobby help? I'd love to get the group's opinion on what strategies are working for them on local optimization.
Algorithm Updates | | SEO5Team0 -
SinglePlatform's Restaurant Menu Across Web Properties vs "SEO-Optimized"
Surprised I wasn't able to find an existing answer given that SinglePlatform apparently serves 500,000 SMBs with menus that appear on over 150 publisher websites. Given Panda's razor-sharp intolerance for duplicate content, am I safe to assume that any claim of SinglePlatform's menu on a local restaurant being beneficial to your SEO is now spurious? If so, what's best way to handle this as a potential SEO liability while still having one of their nicely formatted restaurant menus on your site? For reference: http://www.openforum.com/articles/using-singleplatform-to-build-a-digital-presence Update May 7, 2012 Connected directly with the folks at SinglePlatform, and the answer here is a lot simpler than my over-thinking of it. The menu usually sits within an iFrame or widget so that's that. But the ability to truthfully show an up-to-date menu for any given establishment is a legit way to address the healthy amount of local search intent that seems to be directed at exactly that. Overall a pretty slick platform, looking forward to seeing how they grow into the SMB, local & mobile in the coming months, I think the space is ripe to benefit from products/services that take advantage of these sorts of economies of scale.
Algorithm Updates | | mgalica0 -
Title Tags and Over Optimization Penalty
In the past, it was always a good thing to put your most important keyword or phrase at the beginning of the Title Tag with the company name at the end. Now according to the over optimization penalty in the Whiteboard Friday video, it seems to be better to be more human and put the company name at the beginning with the keyword or phrase following. Am I understanding this correctly?
Algorithm Updates | | hfranz0 -
HTML5: What changes in tag optimization?
Can anyone shad som light on on page optimization for HTML5? Does google already taking the new section tag in consideration? How about heading? I read somewhere that now Google can digest multiple H1 heading. Is that true and is that recomended? Thanks a lot
Algorithm Updates | | dadaseo0 -
Today all of our internal pages all but completely disappeared from google search results. Many of them, which had been optimized for specific keywords, had high rankings. Did google change something?
We had optimized internal pages, targeting specific geographic markets. The pages used the keywords in the url title, the h1 tag, and within the content. They scored well using the SEOmoz tool and were increasing in rank every week. Then all of a sudden today, they disappeared. We had added a few links from textlink.com to test them out, but that's about the only change we made. The pages had a dynamic url, "?page=" that we were about to redirect to a static url but hadn't done it yet. The static url was redirecting to the dynamic url. Does anyone have any idea what happened? Thanks!
Algorithm Updates | | h3counsel0