Three years ago, Google's search engine began favoring in its results websites that use encrypted HTTPS connections.
Sites that secure their content get a boost over websites that used plain-old boring insecure HTTP. In a "carrot and stick" model, that's the carrot: rewarding security with greater search visibility.
Later this year comes the stick. This summer, Google will mark non-HTTPS websites as insecure in its Chrome browser, fulfilling a plan rolled out in September 2016.
Starting with Chrome 68, due to hit the stable distribution channel on July 2018, visiting a website using an HTTP connection will prompt the message "Not secure" in the browser's omnibox – the display and input field that accepts both URLs and search queries.
Well that's just great: Google will stop trusting Symantec-issued SSL/TLS certs from this year. One option would be to drop the certificate - going from HTTPS back to good old HTTP. Unfortunately this will now flag that website as insecure! Good job Google - you can go off people, you know...