You have until July to Install SSL or Google will mark your site “Not Secure”


Chrome 68, due out in July, will warn users about HTTP sites.

The time has come for all websites to migrate to HTTPS. You have until July when Chrome 68 releases.

If you’re a regular reader you know that we’ve been talking about this for a while. Google has also pushed the date back a couple of times trying to avoid the massive disruption that will occur when websites start getting labeled, “Not Secure.”

If you haven’t been following, here’s what you need to know:

Google and the rest of the browsers have been working on this for a long time. Last year Google and Mozilla began the push towards universal encryption by changing the UI on their browsers. In addition to the padlock icon, any website with SSL is marked “Secure.”

The idea was that website owners would gradually adopt SSL as more and more features were being taken away.

The browsers also began marking HTTP sites “Not Secure.” This was done more gradually. The warnings started out just warning users when they were about to enter a password in an unencrypted field. Then in the Fall they turned up the volume even more and started marking any HTTP page with text fields “Not Secure.” Now, with the release of Chrome 68 in July, Google is cranking it up to 11. Any website served via HTTP is going to get the “Not Secure” indicator.

Chrome 68 Warning

What’s the Big Deal with HTTPS?

HTTP is ancient by computer standards. It’s a protocol for communication and it worked fine for a while. Unfortunately, HTTP is not secure: a connection made to a website over HTTP is not encrypted. That means that anyone able to observe the connection can eavesdrop on it and steal or manipulate any data passed back and forth.

HTTPS is secure. When you make a connection with a website the data being sent is encrypted. That essentially makes it worthless to anyone without the corresponding key. Beyond security, HTTPS also blocks ISPs from injecting ads on your website, it is faster and performs better than HTTP and, finally, you have to have encryption in order to use HTTP/2, which is becoming more widely adopted by the day.

What do I need to do?

You need to install an SSL certificate and migrate your website to HTTPS. Before you order one though, take stock of what you need to secure. You may just have a single domain or you may have something more complicated like sub-domains or even multiple domains, in which case you’ll want to find the right certificate. Don’t worry, there’s a diverse set of offerings that cover just about every use case.

Next you’ll need to migrate to HTTPS. You can do this by changing the protocol in your URLs to HTTPS, then using 301 redirects. You may also want to take the time to add your website to the HSTS preload list.
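A check for the two migration steps above, added here as an example and not taken from the original article: it audits a site's HTTP and HTTPS responses for a permanent same-host redirect and for a Strict-Transport-Security header that meets the preload list's submission requirements (max-age of at least one year, includeSubDomains, preload). The function names and the sample responses are constructed for illustration.

```python
from urllib.parse import urlsplit

PRELOAD_MIN_MAX_AGE = 31536000  # one year in seconds, the preload list minimum

def parse_hsts(value):
    """Split a Strict-Transport-Security header into {directive: argument}."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.strip().lower()] = arg.strip().strip('"')
    return directives

def audit_migration(host, http_resp, https_resp):
    """Return a list of problems; each response is (status, headers_dict)."""
    problems = []
    status, headers = http_resp
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    target = urlsplit(location)
    if status != 301:
        problems.append(f"HTTP returned {status}, not a permanent 301 redirect")
    # Compare the parsed hostname, not a string prefix, so that
    # https://example.com.other.test/ does not pass as example.com.
    if target.scheme != "https" or target.hostname != host.lower():
        problems.append("HTTP does not redirect to HTTPS on the same host")
    _, headers = https_resp
    hsts = {k.lower(): v for k, v in headers.items()}.get("strict-transport-security")
    if hsts is None:
        problems.append("HTTPS response has no Strict-Transport-Security header")
        return problems
    directives = parse_hsts(hsts)
    max_age = directives.get("max-age", "")
    if not max_age.isdigit() or int(max_age) < PRELOAD_MIN_MAX_AGE:
        problems.append("max-age is below one year (31536000 seconds)")
    for required in ("includesubdomains", "preload"):
        if required not in directives:
            problems.append(f"missing {required} directive")
    return problems

# Constructed sample responses (not captured from a real site).
GOOD = ((301, {"Location": "https://example.com/"}),
        (200, {"Strict-Transport-Security":
               "max-age=63072000; includeSubDomains; preload"}))
BAD = ((302, {"Location": "https://www.example.com/"}),
       (200, {"Strict-Transport-Security": "max-age=300"}))

if __name__ == "__main__":
    print(audit_migration("example.com", *GOOD))
    for problem in audit_migration("example.com", *BAD):
        print("-", problem)
```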

Either way, the key takeaway is that you have until July to get an SSL certificate, lest you anger Google.

And trust me, no one wants to cross Google.

  • The key takeaway is Google is forcing all website owners to dish out $100+ for https to satisfy their own personal opinion. A site is NOT insecure if it collects zero data. Many blog sites do just that and they don’t make enough to justify the extra expense. Google needs their butt sued off for malicious false information. Contrary to popular belief Google does not own the web.

    • As I’m reading up about it, I just came to your conclusion, Joe. My site doesn’t collect any data, it plays videos and is a blog but I don’t want Chrome users to get a warning screen and potentially not come to my site because of it. I just shelled out about $100 for this service that I TECHNICALLY don’t really need. Boo.

  • This is a good development because it’s all about security, which is very key to protecting our websites.

  • Let me play devil’s advocate…
    I’m browsing a website which happens to be hosted on the same server as a very bad site… Say adult porn or worse… If the site is secure, nobody can tell which content I selected to receive from the server. I don’t care if I’m trying to cook a roast or rip off a roast, I don’t want anyone but the website owner knowing what content I viewed. Also, you can find free website certificates. They may not give you some million dollar guarantee, but they will guarantee Google will get off your back.

  • I agree with Joe in that Google is forcing everybody to get the SSL certificate for their sites. But I guess it’s a good thing to have to keep our websites protected. I got a free SSL through Siteground for my blog.

  • Siteground is a HORRIBLE host. I used them. No SSL is free. F Google. I really hope they get broken up. They are an enemy of humanity and especially creative people. Their arrogance is off the charts.


Patrick Nohe

Patrick started his career as a beat reporter and columnist for the Miami Herald before moving into the cybersecurity industry a few years ago. Patrick covers encryption, hashing, browser UI/UX and general cyber security in a way that’s relatable for everyone.