One or the other webmaster or website operator may be wondering why the own website has dropped a huge drop in the search engine ranking.
That means that the ranking has deteriorated massively. This can become essential, especially for online shop operators. The causes for this can be very diverse. Mostly, however, changes in the search engine algorithms are responsible for this.

In the past it was almost exclusively about keywords and content, today many more factors play a role when it comes to SEO. In addition to the mobile suitability of the website, the performance (website speed) and the security of the website play a very important role. Of course, security also includes SSL certificates, which ensure that communication between the client (the visitor's browser) and the server (where the website is hosted) is securely encrypted.

One or the other may have noticed something of the "war" between the browser providers and the issuers of SSL certificates. It looks like this dispute has been settled and everyone has agreed on quasi-standards.
The many different types of encryption play a first fiddle here. Not all SSL certificates are created equal. There are some important things to consider today and webmasters or even more server administrators are well advised to deal with this.

Since the whole thing also falls into the field of SEO, I would like to give you a few tips today on how to configure the SSL certificate correctly to get an A.

The cyphers play a particularly important role here. The Cypher configuration determines which encryption methods the server accepts and which it does not.
While it was only recently that the server listed all cyphers that it accepts, this has become a lot easier today. But you have to know.

By default, the servers are all incorrectly configured with regard to SSL today. The distributors do this to ensure backward compatibility, but that is exactly what the search engines and browser manufacturers do not want. They are primarily concerned with security and so they have agreed to only support secure encryption methods.

Outdated encryption offers less security and so a website can only get an A-grade from SSLLabs if the insecure and outdated encryption methods are all thrown overboard.

They accept that many people with older systems and browser versions can no longer access the corresponding website.
You can test your SSL certificates here.
https://www.ssllabs.com/

After analyzing the website, a rating will be displayed. We see A+, A, B, C, D, E, etc. Everyone should of course strive for an A grade. A is the best grade a SSL certificate can have (A+ is better but not must have). Websites with B, C, D, F or even G have bad ranking scores. If it is an absolute niche website, where there is little competition, a bad SSL rating can also good rank into the SERPS. However, if the website has a lot of competitors, an A grade minimum is required!

The worst grade I've ever seen is a T grade.

---

The server admin obviously had absolutely no plan here. His certificate is self-issued, has expired and contains all possible errors.
Since this is a former customer of mine, I obviously can't name the website. All I know is that he canceled the domain because he had ZERO sales in the last 6 months. If he had stayed with us, he wouldn't have these worries :-).

In terms of weighting, I would say that a correct SSL certificate alone makes up ½ of the trust that a website enjoys with the search engines. With a bad SSL certificate you can only exist in an inanimate niche.

The trust drops exorbitantly with every lower grade. If a B grade is still acceptable, a C grade is very bad and a D grade is a disaster. As I said, I've never seen a T. The domain has also already been de-indexed and no longer exists during the search. We see here a virtual suicide, so to speak, caused by a lack of knowledge or laziness.

Especially in SEO, a very strong willingness to learn is required here. Anyone who does not keep up to date here has bad cards as a service provider. Nobody pays for this constant further education. That has to happen of its own accord. If you don't have this, you should look for another job, otherwise you will maneuver your customers into ruin.

I know all known SEO agencies in Germany and over 50% of them only have a B or C SSL grade with their own website. There's nothing to add here.
Since SEO services are very cost-intensive, there are a lot of "specialists" on market with old knowledge from the 90s. They bring the SEO industry into disrepute with their lack of understanding for the matter.

As we can see here, Steemit.com has a B grade:

Steemit.com could do a little more here too. If we want to the moon, we should use SEO too and what i write here is very important.

So the witnesses should also benefit from this post. So push a couple of Steem over to me 😊.

B for an SSL certificate means "OK" but not good! Give me access to the server and I'll give you an A.

Of course, I can only do the whole thing if you use Debian or Ubuntu, I never use other operating systems for root servers and that's why I only concentrate on Debian and Ubuntu. In my opinion, the two are by far the most stable systems for root servers, whereby Debian is even more stable than Ubuntu, but it is also very conservative with new packages and functions. I only use Apache as the web server for both. I don't care what others think about of other web servers. For me, Apache is the best and, above all, the most stable web server in the Linux world. An Apache doesn't knock over so quickly :-).

The good thing about configuring SSL is that it works across servers. No matter how many domains are on it, once correctly configured it applies to all domains that share the same IP on the (hardware) root server. In virtualized environments this doesn't work globally or would be much more complex.

The topic is relatively simple, you just have to know it 😊.

The whole thing is configured in this file:

/etc/apache2/mods-enabled/ssl.conf

In some systems there will be a lot of entries. If we want an A or better an A+, then we configure only this Encryption and Cypher Suite:

SSLProtocol             all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite          SSLCipherSuite HIGH:!aNULL:!MD5
SSLHonorCipherOrder     on
SSLCompression          off

Updated 11/29/2020

This means that we accept all encryption methods except those which are excluded here with a minus sign.

Thats all.
The configuration can only be done via SSH. Don't try it via SFTP. There you will only see a simlink (alias)

After making the change, don't forget to restart the web server prozess, not the physical Server.

---

Some claim that it won't work with Let's encrypt's free certificates. However, this is wrong. All major browser manufacturers trust Let´s encyrpt 100% today.

Let's do an A, or even an A + or better😊

If you have an A-rating from SSLLabs, it may be that some things (from outside) do not work as they did before. The blame then lies with the others. They still use old encryption and accordingly such servers cannot communicate with yours (which are modern and secure). A good example of this is GTmatrix. This super service provider only has a B-rating itself and therefore you can no longer test your websites there. I wrote to the webmaster of GTmatrix and pointed this out.

For the sake of completeness, we have to say that a server that has received an A grade will very likely have one or the other problem in the near future when it accesses services that come from servers that are rated worse than A. In plain language this means: Secure servers reject connections from insecure servers.

Even the Google servers and their SSL certificates currently only have a B grade, as of today. Here is a screenshot as evidence.

We were very surprised. After all, it is precisely Google from which web security is enforced.

Hello John Müller @google, you are the face of Google for us! Bring the SSL certificates from Google up to date. Then there are fewer problems with some API-based things for us webmasters.

11 Tipps für neue STEEMIANS

Ave Atque Vale!

사랑은 나에게 신성한

My better search for STEEMIT: https://bit.ly/steemit-search