Someone tweeted an interesting question about merging domains and SSL certificates. The question was whether it was necessary to keep paying for an SSL Security Certificate for the old domain.
Here is the question:
Merging 2 sites 301 redirect.
Old site A will be merged to new site B
Do I need to continue to pay for for an SSL Cert for site A?
Would appreciated any help with this. @rustybrick @glenngabe @bill_slawski @MrDannyGoodwin @brodieseo @dr_pete @Marie_Haynes @dannysullivan
— SEO Raccoon Ireland 🇮🇪 (@SEORaccoon) March 4, 2020
It’s not an easy to answer question. It’s technical because it deals with how browsers and search robots deal with secure links and redirects and the order in which those are processed.
People who chimed in took a guess at it but there didn’t seem to be a consensus as to the best way to do it.
MOz’s Dr. Pete suggested to keep paying for the old SSL in order to help Google understand the migration:
You might want to while the redirects are processing and Google is migrating to the new pages, but if Site A is 301-redirecting, then the SSL cert for Site A doesn't come into play, best I know.
— Dr. Pete Meyers (@dr_pete) March 4, 2020
It was then suggested that when a browser opens an HTTPS link it first checks the validity of the SSL certificate and then sees the redirect, in that order.
John Mueller then stepped in and confirmed how browsers and Google handled this situation:
“Browsers definitely need the certificate for HTTPS, even if you’re just redirecting.
Search engines can probably deal with it, but if there’s a chance the old URL is shown to users, just keep the certificate live too. You can get certificates for free nowadays.”
Mueller hedged his answer about how Google handled this site merge scenario by saying “probably.”
John Mueller subsequently added:
We usually recrawl URLs at latest every half year, so a year gives you min 2 rounds, which is a good starting point. Even without certificate, I'd try to keep the domain name for the long run to prevent spammers from picking it up.
— 🍌 John 🍌 (@JohnMu) March 4, 2020
But he was unambiguous about how browsers handled it and suggested switching to a free SSL certificate for the old domain.
Keeping an SSL certificate active on the old domain sounds like a good way to hedge against unforeseen issues regarding user experience and search engines.