SSL Not Functional
Google's crawler tried to access your product landing page or checkout page via HTTPS and encountered an SSL/TLS error. This could be: an expired certificate, a certificate that doesn't match the domain, a self-signed certificate not trusted by browsers, TLS version mismatch (outdated TLS 1.0/1.1), or mixed content (HTTPS page loading HTTP resources). Shoppers' browsers will show warning screens or block access entirely — Google doesn't serve products pointing to insecure sites.
SSL not functional / Site not secure [link]Impact: SSL issues cause immediate disapproval of all affected product pages. Google requires HTTPS for all Shopping landing pages and checkout flows. If your certificate is expired, misconfigured, or uses an untrusted authority, every product URL returns as disapproved until the certificate is fixed. For checkout pages, SSL failures also violate Google's security policy and can trigger account-level flags.
Root Causes
- 1Your SSL certificate expired and auto-renewal failed — the most common cause, especially for Let's Encrypt certificates that require active renewal.
- 2Domain mismatch — certificate issued for www.yourdomain.com but the product URL uses yourdomain.com (or vice versa) without proper Subject Alternative Name (SAN) coverage.
- 3Certificate authority not trusted — using a self-signed cert, an expired root CA, or a cert from a deprecated CA.
- 4Mixed content — HTTPS page loads HTTP images, scripts, or iframes. Browsers (and Google) flag this as 'not fully secure'.
- 5Outdated TLS version — your server only accepts TLS 1.0 or 1.1, which Google and most browsers no longer trust. Modern servers must support TLS 1.2+.
Fix by Platform
- 1Shopify provides free SSL for all stores automatically. If SSL is failing, first check: Shopify Admin → Settings → Domains. Look for red warnings next to your domain.
- 2For custom domains: ensure your DNS records (A record and CNAME for www) point to Shopify's IP addresses. Incorrect DNS prevents Shopify from issuing/renewing the SSL certificate.
- 3If the warning says 'SSL pending': DNS may have been misconfigured. Update your DNS records per Shopify's instructions (shops.shopify.com → Domains → [domain] → Connect existing domain), then wait 24–48 hours for SSL provisioning.
- 4For a 'certificate invalid' error: Shopify auto-renews certificates, but domains that have been unavailable (server down, DNS errors) during renewal attempts fail. Remove and re-add the domain in Settings → Domains.
- 5Test your SSL: visit ssllabs.com/ssltest/analyze.html?d=yourdomain.com — aim for an A or A+ grade.
When This Doesn't Apply
Check your store now
Free compliance scan — 47 rules checked in minutes.
Frequently Asked Questions
How often do SSL certificates expire?+
Commercial certificates typically last 1–2 years. Let's Encrypt (free, most common) certificates last 90 days and require renewal every ~60 days. If auto-renewal isn't configured, certificates silently expire and cause sudden disapprovals. Best practice: set up auto-renewal (cron job or managed service) and monitoring to alert you 14 days before expiration.
My certificate is valid but SSL Labs gives me a B grade — is that a problem?+
A B grade usually indicates outdated TLS versions (1.0/1.1 enabled), weak cipher suites, or missing security headers. Google accepts B-grade SSL for landing pages but it's worth improving to A or A+ for long-term reliability. Fix by disabling TLS 1.0/1.1, enabling only strong ciphers (ECDHE+AES), and adding HSTS headers.
What's mixed content and how does it affect Google Shopping?+
Mixed content is when an HTTPS page loads resources (images, scripts, iframes) over HTTP. Browsers block or warn about mixed content, and Google's crawler treats mixed content pages as 'not fully secure'. Fix: update all resource URLs to HTTPS. Many platforms have tools to automate this (Shopify's built-in HTTPS enforcement, WooCommerce's 'Really Simple SSL' plugin).
How quickly do SSL fixes propagate to GMC?+
Once your SSL is fixed and validated via ssllabs.com, Google re-crawls affected landing pages within 24–48 hours. Products typically re-approve within 3–7 business days. For persistent issues: request a manual review in GMC after verifying your SSL is functional — this sometimes speeds up re-approval.