Using a secure protocol is a bit like using a double-edged sword. It actually slows down the page load speed due to the encryption, which can have a negative impact on rankings if the slightly slower page load speed affects user behavior, that leads to lower page rankings.
Though the slightly slower page load speed isn’t likely to affect your rankings, it could be the proverbial straw that breaks the camels back in some situations.
Your issue was likely due to redirect issues that may not have been implemented properly and have since been corrected, or neglecting the canonical settings in your Search Console panel.
I agree that using secure protocol is not a significant ranking factor at the moment, however, there is a sea-change a coming.
Google has announced its intention of forcing all websites to switch to secure protocol or suffer major consequences. They have a long term plan that is being phased in gradually and the first blow is set to strike with the next release of Google Chrome this month.
It is no longer a future concern, it is an immediate concern for some websites, and the rest will follow in the near future.
This first step will label webpages as unsafe in the Chrome browser if they have a password or credit card form field on an insecure page. This is just the first step in a long term plan to label all websites that use insecure pages as unsafe. So it isn’t simply about rankings any longer, Chrome users will be blocked on the first attempt to load your pages.
Google has recently updated their websites to reflect their opinion that any page that has a form that asks for an email is requesting “sensitive” data and should be using a secure protocol. It is probably a matter of months before those too will begin to be labeled unsafe and be blocked by users of Chrome. This next step will likely affect 95%, or more, of the member websites on this forum.
I recently received this warning from Google:
|To the owner of [Redacted]|
Beginning in January 2017, Chrome (version 56 and later) will mark pages that collect passwords or credit card details as Not Secure unless the pages are served over HTTPS.
The following URLs include input fields for passwords or credit card details that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, and so you can take action to help protect users data. The list is not exhaustive.
The new warning is the first stage of a long-term plan to mark all pages served over the non-encrypted HTTP protocol as Not Secure.
That page is a product page, not a checkout page, it has no form field for credit cards, it does have a sign-in form with a password field for previous customers to log in to view previously saved products. So this is a warning shot across the bow, so to speak.
I don’t know the exact schedule, but it is clear now that we must at some point switch to secure protocol or suffer not simply from lower search rankings but also from a significant loss of credibility and traffic from all Chrome browser users. I’m sure other browsers will likely follow suit with similar restrictions on insecure websites.