SEO implications of serving a different site on HTTPS vs. HTTP

dsbud

I have two sites: Site A, and Site B. Both sites are hosted on the same IP address, and server using IIS 7.5. Site B has an SSL cert, and Site A does not. It has recently been brought to my attention that when requesting the HTTPS version of Site A (the site w/o an SSL cert), IIS will serve Site B...

Our server has been configured this way for roughly a year. We don't do any promotion of Site A using HTTPS URLs, though I suppose somebody could accidentally link to or type in HTTPS and get the wrong website.

Until we can upgrade to IIS8 / Windows Server 2012 to support SNI, it seems I have two reasonable options:

1. Move Site B over to its own dedicated IP, and let HTTPS requests for Site A 404.
2. Get another certificate for Site A, and have it's HTTPS version 301 redirect to HTTP/non-ssl.

#1 seems preferable, as we don't really need an SSL cert for Site A, and HTTPS doesn't really have any SEO benefits over HTTP/non-ssl.

However, I'm concerned if we've done any SEO damage to Site A by letting our configuration sit this way for so long. I could see Googlebot trying https versions of websites to test if they exist, even if there aren't any ssl/https links for the given domain in the wild... In which case, option #2 would seem to mostly reverse any damage done (if any). Though Site A seems to be indexed fine. No concerns other than my gut.

Does anybody have any recommendations? Thanks!

mosquitohawk

The biggest concern in my mind would be possibly having duplicate content issues and a non-desired version of the page(s) indexed versus what you want.

I think if you have a lot of links to the non-SSL version and are using your SSL version as preferred (or vice versa) you're living a lot of link equity / juice on the table and that when you fix this issue you may see a nice jump in overall trust/ranking once you fix the issue and correctly 301 the non-preferred to preferred.

MikeTek

I would recommend option #1.

It's common for sites without SSL certs not to resolve properly at the HTTPS version of their URLs, and Google handles this fine.

You could pull the log files and take a look at how often Googlebot / other users request HTTPS versions of that site A's URLs, to determine if that SSL/redirect set up is necessary. But I would not anticipate any significant negative impact on traffic letting the HTTPS version of site A kick a 404 or server error.