Google Merchant Center SSL Error: How to Fix HTTPS Issues (2026)

Updated: March 2026 • 8 min read

SSL certificate errors are a serious issue for Google Merchant Center merchants. Google requires all shopping destinations — particularly checkout pages — to use HTTPS (SSL/TLS encryption). If your website has an SSL error, an expired certificate, or pages accessible only via unencrypted HTTP, your Merchant Center account can be suspended for checkout not meeting security standards, or for misrepresentation.

This guide explains what SSL errors look like from Google's perspective, how to diagnose them, and the steps to fix them.

Why Google Requires SSL/HTTPS

HTTPS (Hypertext Transfer Protocol Secure) encrypts the connection between a visitor's browser and your website server. For ecommerce merchants, this is critical because customers enter sensitive information — names, addresses, payment details — during checkout. Without encryption, this data is vulnerable to interception.

Google Shopping requires that all landing pages (the pages customers reach by clicking your Shopping ad) and especially checkout pages use HTTPS. Google's crawlers check for:

• A valid SSL/TLS certificate installed on the domain
• The certificate not being expired
• The certificate matching the domain (no domain mismatch errors)
• All checkout pages served over HTTPS, not HTTP
• No "mixed content" warnings (HTTPS pages loading HTTP resources)

Types of SSL Errors That Affect Google Merchant Center

1. Expired SSL Certificate

SSL certificates have a validity period — typically 1 to 2 years (or 90 days for free Let's Encrypt certificates). When a certificate expires, browsers show a security warning, and Google's crawler treats the site as insecure. An expired certificate is the most common SSL issue merchants face.

How to identify: Visit your website in a browser. If you see "Your connection is not private," "NET::ERR_CERT_DATE_INVALID," or a padlock with an X, your certificate has likely expired.

2. Domain Mismatch

A certificate issued for one domain (e.g., www.example.com) may not cover another (e.g., example.com or shop.example.com). If visitors access your site at a URL not covered by the certificate, they'll see a security error.

How to identify: Check the certificate details in your browser (click the padlock icon). Verify that the certificate covers all the domains and subdomains your store uses.

3. Certificate Not Trusted (Self-Signed)

Some hosting setups use self-signed certificates — certificates not issued by a trusted Certificate Authority (CA). Browsers and Google's crawlers don't trust self-signed certificates, treating them the same as no certificate at all.

How to identify: Browser shows "Your connection is not private" with "NET::ERR_CERT_AUTHORITY_INVALID."

4. Mixed Content

Even if your site has a valid SSL certificate and loads via HTTPS, individual resources (images, scripts, stylesheets, fonts) may still be loaded via HTTP. This creates "mixed content" — a partially insecure page that browsers may flag.

How to identify: Open your browser's developer tools (F12) and check the Console for mixed content warnings. You may see "Mixed Content: The page at 'https://...' was loaded over HTTPS, but requested an insecure resource 'http://...'"

5. HTTP Instead of HTTPS on Checkout Pages

Some merchants have a valid SSL certificate but haven't properly configured their server to redirect HTTP to HTTPS. As a result, some pages (especially older ones or dynamically generated URLs) may be accessible via HTTP. Google's crawler may access these HTTP versions, which fail the HTTPS requirement.

How to Diagnose Your SSL Issues

Step 1: Check Your Website URL

Type your website URL in a browser and see what happens. Does it automatically redirect to HTTPS? Does the padlock show as secure? Try accessing http://yourdomain.com (without the S) — does it redirect to https://yourdomain.com?

Step 2: Use an SSL Checker Tool

Several free tools check SSL certificate validity, expiry date, and coverage. Search for "SSL checker tool" and enter your domain URL. These tools report:

• Certificate expiry date
• Certificate authority (issuer)
• Which domains/subdomains are covered
• Chain of trust (whether the certificate properly chains to a trusted root CA)

Step 3: Check for Mixed Content

With your website open in Chrome, open Developer Tools (F12 or Ctrl+Shift+I), go to the Console tab, and reload the page. Look for any mixed content errors or warnings. Also check the Security tab in DevTools for an overview of your page's security status.

Step 4: Test Your Checkout Pages Specifically

Google is particularly strict about checkout pages. Walk through your entire checkout process — cart, shipping, payment, order confirmation — and verify that every step uses HTTPS and shows no security warnings.

How to Fix SSL Issues

Renewing an Expired Certificate

If your certificate is expired, contact your SSL certificate provider or hosting company to renew it. For free Let's Encrypt certificates (used by many hosting providers), there's often an option to set up automatic renewal to prevent future expirations. Check your hosting control panel — many providers offer one-click SSL renewal.

Fixing Domain Mismatch

Get a certificate that covers all domains and subdomains your store uses. Options include:

• A wildcard certificate (covers *.yourdomain.com and all subdomains)
• A multi-domain (SAN) certificate that lists specific domains
• Ensuring your canonical domain (the one in your Merchant Center) is properly covered

Also ensure that your Merchant Center website URL matches exactly what the certificate covers — including whether it's www or non-www.

Replacing a Self-Signed Certificate

Replace any self-signed certificate with one from a trusted Certificate Authority. Free options like Let's Encrypt (via your hosting provider) or paid certificates from providers like DigiCert, Sectigo, or Comodo are all trusted by browsers and Google. Contact your hosting provider for instructions specific to your setup.

Fixing Mixed Content

For each mixed content warning in your browser console:

1. Identify the HTTP resource URL
2. If it's on your own server, update the reference in your code from http:// to https:// (or use protocol-relative URLs like //)
3. If it's an external resource, check if the provider offers an HTTPS version (most do)
4. If the provider doesn't offer HTTPS, consider hosting the resource yourself or replacing it

For WordPress sites, there are plugins that automatically convert HTTP references to HTTPS. For other platforms, this is usually done by updating configuration files or database references.

Forcing HTTPS Redirects

To redirect all HTTP traffic to HTTPS, you typically need to configure your server. Common methods include:

• Apache (.htaccess): Add redirect rules to your .htaccess file
• Nginx: Configure a server block that redirects HTTP to HTTPS
• Cloudflare or CDN: Enable "Always Use HTTPS" in your CDN settings (easiest option for many merchants)
• Hosting control panel: Many hosting providers offer a "Force HTTPS" toggle in their control panel

Updating Google Merchant Center After SSL Fix

Once your SSL issues are resolved:

1. Verify the fix by checking your site in a browser and running an SSL checker tool
2. Go to Google Merchant Center and re-verify your website if the verification was affected by the SSL issue
3. Submit a reinstatement appeal explaining the SSL issues and how you fixed them

In your appeal, be specific: "Our SSL certificate had expired on [date]. We have renewed it through [provider] with an expiry date of [new date]. All pages now redirect from HTTP to HTTPS and no mixed content issues exist." For appeal writing tips, see our appeal guide.

Preventing Future SSL Issues

• Enable auto-renewal: Most hosting providers and certificate authorities offer automatic renewal. Enable this to prevent future expirations.
• Set calendar reminders: If auto-renewal isn't available, set a reminder 30 days before your certificate expiry date
• Monitor with uptime tools: Tools like UptimeRobot or StatusCake can monitor SSL certificate expiry and alert you before issues occur
• Use Cloudflare or similar CDN: These services manage SSL automatically and add an additional layer of protection

Related Issues to Check

SSL errors often occur alongside other technical issues. While fixing SSL, also check:

• Checkout not working
• Website unreachable errors
• Complete suspension fix checklist

Frequently Asked Questions

Does my entire site need HTTPS or just the checkout?

Google's minimum requirement is HTTPS on checkout pages. However, Google also recommends (and increasingly requires) HTTPS across your entire site. Having HTTP pages on product listings that link to HTTPS checkout can create a jarring user experience and may still be flagged in some cases. Use HTTPS site-wide — it's the standard for modern websites.

I have a valid SSL certificate but Google still shows an SSL error — why?

Check for the specific issues: mixed content, HTTP pages not redirecting, certificate chain issues, or a domain mismatch. Also verify that the URL you've registered in Merchant Center exactly matches your actual website URL (including www vs. non-www).

How long after fixing SSL will Google recheck my site?

Google may re-crawl your site within days of submitting an appeal, but the full review process can take 1-3 weeks. Don't resubmit multiple appeals — wait for the review to complete. See our reinstatement timeline guide for more details.