I received an email from Google this morning with the following message:
Google has detected that the current SSL/TLS certificate used on https://www.r2western.com/ does not include https://www.r2western.com/ domain name. This means that your website is not perceived as secure by some browsers. As a result, many web browsers will block users accessing your site by displaying a security warning message. This is done to protect users’ browsing behavior from being intercepted by a third party, which can happen on sites that are not secure.
I'm not sure what I need to do with this information. I also have https://r2western.com added to the search console, but did not get the same message for that iteration. It alos appears that when I type https://r2western.com into the browser, it redirects to https://www.r2western.com.
I don't seem to be getting any warnings on Chrome or Edge when I go to https://www.r2western.com so I'm wondering if I need to be worried about this message.
Hey R2 Western,
Based on the information you've provided, it sounds like you haven't added the www-version of your custom domain to your domains section in your admin (Sales Channels > Online Store > Domains).
Try following the directions in the screenshot above, and if you're still having any issues, I would recommend reaching out to our Support team so that we can take a look at your specific account/store.
Hope this helps! :)
Stephen - I have been having this issue since our store launch on June 2. The issue is with Windows XP, IE8 and other older browsers using the Let's Encrypt SSL that Shopify began using earlier this year for all stores.
I have made support clearly aware of this and how to fix it many times over the past month, but I was told that you guys no longer support Windows XP and basically, there is nothing you guys will do about it. Now, I do realize Windows XP is an older O/S but there are still many people around the world using this operating system. Even if it's 1% of our users, that could be over 1,000 people a day being blocked. For bigger sites, even more. Out of those 1,000 people, I'm not only losing that traffic but also potential sales.
For Shopify sites using the pre-Let's Encrypt SSL of "Digi Cert", the problem does not exist.
There is a fix for this known issue with Let's Encrypt SSL certificates.
This was fixed back on March 25 (see here: https://letsencrypt.org/upcoming-features/ )
This is the ridiculous response I got back from support:
"Thanks for sharing that. I went and explained your situation to my escalated team to discover something new - our platform does not support IE8! The latest version we support is IE9 and higher, and unfortunately it doesn't seem to be something we plan on changing.
I completely understand that the issue with IE8 is not ideal for you, but I do promise you that almost no one uses this browser anymore. I have heard rumours that one could get an SSL through third parties and have them added on to their Shopify store to help this, but I would have no idea how to go about implementing that (since it's completely unsupported by Shopify)."
Any help would be greatly appreciated for myself, and every other store on Shopify that is using the Let's Encrypt SSL you guys force upon us (I already asked if I could buy my own SSL and have it installed, and was told that it is impossible to do unless I am on the Enterprise plan which I have zero need for).
I don't know if this will help anyone, but when I contacted Shopify support they looked into my domains. They said that everything was setup correctly and that this may have been a false positive on Google's end.
I have not received the error again since it first happened. But support said to contact them directly if I saw the error again.
I'm worried about a false positive on Google's end, as you might get penalized for having a bad cert (even if it's correct technically)
With that said, after I posted this, I noticed shopify said my cert was invalid and I redid the ssl process, so I think perhaps at first launch they may have messed something up, but then fixed it.
Take what support says with a grain of salt.