Has your website’s SSL certificate expired recently? Well, if it has, hopefully you’ll have renewed it by now, but you may have seen a change in user behaviour during that time.

At Hallam, we regularly run tests on different search engine ranking factors to measure result fluctuations in SERPs. However, these are planned tests. The one we are discussing in this blog happened unintentionally. is a secure website, but on the 11th February 2016, we found out that our SSL certificate had expired.

Don’t worry, we’ve now renewed it. But for a period of around 24 hours, our website didn’t have an SSL certificate.

So, being a digital marking agency, we thought we would take the opportunity to analyse any effects it had on user behaviour, and in turn rankings during that time.

First, what do users see if your SSL certificate expires? They get this pretty alarming message:


The message received when a website is unsecure

If you were to be presented with this message when accessing a site, would you still proceed?

For the purpose of the investigation, we decided to analyse only organic traffic, and the sessions when the homepage was the landing page. The reason for this is for consistency in user behaviour measurements. Two of the metrics that are more likely to be affected are the average session durations and bounce rate. We have taken a closer look at these.

User Behaviour

Average Session Duration

On the below image, the average session duration on the 11th February is highlighted with a red circle. Unsurprisingly, it has the 2nd lowest time at 1min 08secs in the month of February:

Graph showing the average duration if visits to a website

However, as duration times regularly vary depending on day of the week, we decided to look at data from Thursdays specifically in 2016 to see if there were any significant differences. As you can see, the dwell time was lower on the 11th compared to the other dates analysed:

Graph showing the average session durations on thursdays

Bounce Rate

When you view the below graph, you can see that the bounce rate (sky blue line) on the 11th Feb remained unaffected. The bounce rate percentage reported was not out of the ordinary:

Graph showing the bounce rate of visitors on a website

With the average session duration dropping, it would be natural to assume the privacy message was a contributing factor. However, for this to be true, the bounce rate would have increased as visitors would not have engaged with the page due to them failing to get past the privacy message.

User Behaviour Conclusion

Although we are having to dig quite deep to see any real changes in user behaviour, and taking into consideration that these fluctuations in the data may have nothing to do with the privacy message, it would be wrong to dismiss it altogether.

As user behaviour is a ranking factor for search engines, we decided to see if there were any changes in the organic visibility of the Hallam website in the week following the SSL certificate expiration.

Does an SSL Certificate Affect Rankings?

In 2014, Google confirmed that having an SSL certificate will give your website “a minor ranking boost.” So we reviewed our organic visibility and rankings during this period to see if any negative effects were evident.

The graph below is from Search Metrics and shows a significant drop in organic visibility shortly after the expiration of the SSL certificate:

Graph showing the organic visibility of a website

When looking at MOZ visibility and ranking graphs, we see similar drops:

MOZ ranking and visibility graphs


Although user behaviour changed slightly during this time, it’s highly unlikely to have led to a visibility drop of this nature. So, could this be a result or punishment for no longer having an SSL certificate, albeit for only 24 hours?

For the purpose of the article, I would like to say ‘yes, this is almost certainly the reason’. Unfortunately, I cannot.

In reality, the change in organic visibility we witnessed is echoed by many other SEOs and is more likely to be the real-time changes made now that Penguin and Panda have been added to Google’s core algorithm.

The key takeaway is to try and avoid getting into this situation in the first place. We were fortunate, as were able to address the matter within a few hours. However, many business owners or marketing managers don’t have the luxury of being able to react quickly to these issues.

Every SSL certificate has an expiration date, and there are tools available that will ensure you are sent regular reminders when you approach that date.

Although user behaviour was not significantly affected on that particular day, it may have been a different story if the warning message was shown to visitors for a week, or even longer. It would be at this point when we would start being concerned about the effects on rankings.

One response to “Expired SSL Certificate: How Does It Affect User Behaviour?”

  1. User and clients would believe that you are not taking web security in a serious manner. As a result, the business and web traffic will badly suffer.

Leave a Reply

Your email address will not be published. Required fields are marked *