I got a call from one of my customers the other day, complaining that site y's pages were being indexed under site x, and they (understandably!) wanted it fixing.

It took a bit of working out as to what is happening, but this is what I found out...

The server in question hosts a number of sites on the same IP address, and some of these sites make use of a technology called Server Name Indication (SNI) to use https: on it as well. It seems that Google BOTS now search for a response for a site via https: so for a site which doesn't support it, it uses the default https: website for that IP address.

So the undefined, encrypted version of the website is handled in exactly the same way that an undefined website would be handled over http: - which is logical.

The solution is pretty simple: make sure that you redirect all https: requests for your website to http:

For nginx ( it looks like you need to provide a cert/key pair - I just use a self signed one )

server {
listen <my.ip>:443 ssl;
server_name example.com;
server_name www.example.com;
ssl_certificate ssl/dummy.crt;
ssl_certificate_key ssl/dummy.key;
return 301 http://www.example.com$request_uri;
}

And for apache

<VirtualHost *:443>
ServerName example.com
ServerAlias www.example.com
RewriteEngine On
RewriteCond %{HTTPS} on
RewriteRule (.*) http://%{HTTP_HOST}%{REQUEST_URI}
SSLEngine on
SSLCertificateFile ssl/dummy.crt
SSLCertificateKeyFile ssl/dummy.key
</VirtualHost>


The alternative is to buy a cert ( you can easily get them for under US$10/yr ) and fall in with Google's master plan to migrate the internet to https:

Maybe that's the intention?