Google Search Console says ALL my HTTPS urls have failed but

Hello Community!

Google Search Console in Page Experience says ALL (1000+) of my HTTPS urls have failed as of 7th April

I’ve been on CF free plan for 2 years and not had any issues up until now. (Will probably upgrade to a paid plan)

  • I have a valid SSL cert on the origin server and the Cloudflare shared SSL on Cloudflare.

  • In CF’s SSL/TLS - I have FULL end-to-end encryption - as set up 2 years ago

  • Always use HTTPS is on - as set up 2 years ago

  • In Screaming Frog SEO Spider, all my URLS are httpS - and always have been.

  • in Cloudflare’s Health Check, httpS urls get a green tick

  • DNSSEC was missing but has been added (today). Everything now gets a green tick.

  • Using GSC suggestion to find the alleged http urls - none can be found.

  • Yesterday I spent 7 hours in Dreamweaver changing all the relative URLS on the website (100,000s) including images to absolute URLs including the httpS:// protocol - hoping that this will force the httpS

After 2 days of trying unsuccessfully to find out why I’m now wondering if it is perhaps HTTP/2 that Cloudflare has recently added automatically to free accounts?

http/2 is devoid of the ‘S’ - so could this be the explanation and/or should I disable it?

This is the only thing that has changed. Yesterday/Today is the first time in 2 years that I’ve actually checked through all the CF settings, so I have not changed anything either here or on my website (except the relative urls to absolute yesterday)

In Cloudflare’s Origin Performance - it says:

  • HTTP/1 (no S) 39%
  • HTTP/2 (no S) 52%

I’d really appreciate help / suggestions on this please as after 2 days of Googling I’m getting nowhere fast. The good thing is that I discovered the missing DNSSEC setting and CF’s Health Check.

Thank you in advance.

… More Info - for completeness and to hopefully save your time in asking.

  • The website in question is functioning perfectly. If I hadn’t have seen the big red FAILED in Google Search Console I would not have known that there was (according to Google) an issue.

  • There is an entry in the .htaccess file that forces http > https - has been there for 5/6 years - long before using Cloudflare.

  • The main TLD of the website is .UK. I also have .CO.UK and .COM that are set up in cPanel as domain aliases and are redirected to httpS://www.domain.uk

Thanks again.

And if you click Help, you see this:

Are they at least telling you the HTTP response code?

1 Like

Hello sdayman - thank you for your reply

No HTTP response codes in Google Search Console or CF - see screengrabs below.

  • In Screaming Frog all urls/images etc are shown as httpS and get a 2xx response code.
  • Following Google’s suggestions to find http urls - I can’t find any.
  • No http urls in Google analytics.
  • typing http in browsers redirects to httpS
  • padlock is present in browser address bar

Let me know if you need any more info.

Thanks again
Sharon

Sorry - I can only embed one screengrab

And this is from Screaming Frog (SEO Spider). I check the site at least once a week for issues etc.

Ah I think I’ve got it? - screengrab from Screaming Frog.

I’ve just googled Protocol-Relative Resource Links - and they don’t sound good.
If this is it will the fact that I’ve changed all relative urls to absolute sort it?
Note - I don’t link to anything unless it is httpS so why have I got them?
Sorry for the silly questions - I’m a tad frazzled

It looks like I’m having this issue too. I have just started on cloudflare in last few days though, so I though it was a teething issue. Now I’m not so sure. Hopefully by following the replies to yours it might give me an idea of what to sort too.

Hello sdayman and Chris156.

Reading up more on Protocol-Relative Resource Links - I’m sure this is the cause of my problem.
But don’t know why it’s just started this month.

As I changed all the relative urls to absolute yesterday I think (hope) I may have solved it - just have to wait until Google crawls the site again.

Unless anybody has any other comments or suggestions?

Good luck Chris with your problem.

Thanks and regards
Sharon

I’ve just rerun Screaming Frog and, having on Tuesday hard coded all the relative urls to absolute urls with https:// - literally everything, images pages the lot, I expected the ‘Protocol-Relative Resource Links’ to show zero but they haven’t - it’s still the same 35.71%.

Should this not have gone to zero? Or am I going mad? I purged the entire site cache in Cloudflare on Tuesday. Does this mean that I haven’t resolved the Google ‘FAILED’ httpS issue ??

Could I have some feedback please. Google has stopped sending traffic and I don’t want to be waiting for them to crawl the site only to find I haven’t resolved the problem.

Thank you.

… all the Protocol-Relative Resource Links from Screaming Frog are the entire HTML pages of the website - just the pages not images.

They are static .HTML pages (not php, no database), every single link (pages/images) is hard coded to httpS:// - took me 7 hours on Tuesday to convert from relative to absolute and there is not a single relative link anywhere on the website - I checked, double checked and triple checked.

Is Cloudflare doing something with the links, converting them back to relative ??

This is driving me mad. Feedback please ?

Thank you.

Google’s lack of transparency is disturbing. You and your visitors probably have no problem navigating all over the site with HTTPS.

Cloudflare wouldn’t do this on its own. It’d take a Worker, or some other setting, such as Transform rules. But that would mess up the site for human visitors as well.

Hold off on upgrading to a paid plan, as it’s not going to offer any solutions for this problem.

There’s really one hit on the error message, and it’s from just a couple of days ago:
https://support.google.com/webmasters/thread/106824024?hl=en

In your SSL/TLS → Edge Certificates section, what’s the Minimum TLS setting? Also, do you have TLS 1.3 enabled?

2 Likes

Hello sdayman

Thank you for your response especially as I don’t know whether this is a Cloudflare issue or not - but I have to start somewhere - Thank you!

  • Minimum TLS Version is: TLS 1.0 (default)
  • Yes, TLS 1.3 is enabled.

Other settings on this page:

  • Always use HTTPS - ON
  • HTTP Strict Transport Security (HSTS) - OFF (this is next on my to-do list when I figure out what it is)
  • Opportunistic Encryption - ON
  • Automatic HTTPS Rewrites - ON
  • Certificate transparency Monitoring - OFF

Thank you also for the link - just quickly scanning it and there is a comment about the (google)bot moving to crawling over HTTP/2 as a possible cause - Cloudflare has recently added http/2 to the free accounts which coincides with my problem.

Will read the post in full and add my two-penneth.

Thanks again and apologies in advance if this turns out to be nothing to do with Cloudflare.

Regards
Sharon

2 Likes

Have just seen this
https://support.google.com/webmasters/thread/106824024?hl=en&msgid=107315143

Brian UsseryGold Product Expert

11 min

I have looked at 5 or 6 of these over the past few days.

All have Cloudflare certificates.

All score a B and have SNI issues like only working in browsers with SNI support like

https://www.ssllabs.com/ssltest/analyze.html?d=timelovefamilyme.com&s=172.67.193.130&latest

Basically multiple sites with multiple certs on the same IP which require SNI support to get correct cert. Without SNI support there is no cert/ wrong cert / IP not accessible and/or not secure. Another problem is if DNS IP is cached and changes.

While main Googlebot may get it right other systems may not.

According to Google you should “make sure your web server supports SNI and that your audience uses supported browsers, generally. While SNI is supported by all modern browsers, you’ll need a dedicated IP if you need to support older browsers.”

-How To Secure Your Site with HTTPS | Google Search Central

https://www.cloudflare.com/learning/ssl/what-is-sni/

1 Like

@chris156 - You’ve beaten me too it. Was just above to add the post.

Do we need to get a dedicated SSL Cert on Cloudflare which presumably would be on a dedicated IP?

Not sure I’ve fully grasped this point yet - feedback please.

Sidenote - I’ve resolved the “Protocol-Relative Resource Links” issue - was AddThis

1 Like

Thanks Sharon7, re AddThis - I use ShareThis - I will check that out.

Re feedback - Im not sure - Im going to have to check options - shared hosting, dedicated SSL, SSL on cloudflare, dedicated hosting.

@chris156

re AddThis

look for: src="//s7.addthis.com/… and update to src="https//s7.addthis.com/…


Just ran my site through ssllabs.com and get a B on all 4.
In the grand scheme of things don’t know how bad a B is.
Yet more research to do.

Feedback please anyone ?

More from Brian Ussery on the Google Support forum - refered to above

“There is a difference between encrypted SNI that Cloudflare uses and regular SNI technically if you are not using TLS 1.3 it is not secure”

In SSL Overview > Traffic served over TLS: 8% is TLS 1.2 | 92% is TLS 1.3

Does that mean that the 8% TLS 1.2 is not secure?
And if so, is this what Google is picking up on?

No. The need for a dedicated IP for TLS is historical. Essentially all browsers have supported SNI for over a decade.

This is due to your configuration supporting legacy TLS. Change the minimum to TLS 1.2 to avoid being penalised on the SSLLabs test.

2 Likes