As a website owner (and frequent website visitor), you might have encountered the notorious ERR_SSL_PROTOCOL_ERROR at least once. This Secure Sockets Layer (SSL) error occurs when the browser fails to establish a secure connection with the website, usually due to issues with the website’s SSL certificate or its configuration or the client’s browser. The error varies and appears differently in other popular browsers like Firefox and Microsoft Edge.

Although the main reason behind the error can be difficult to identify, there are simple ways to fix it. In this article, I’ll discuss the causes of ERR_SSL_PROTOCOL_ERROR, provide comprehensive steps on how to fix it for your website, and explore how this error appears differently on various browsers. So, let’s dive in and learn how to tackle this common yet frustrating error.

Contents:

• What is ERR_SSL_PROTOCOL_ERROR?
• What causes of ERR_SSL_PROTOCOL_ERROR?
• How to fix ERR_SSL_PROTOCOL_ERROR on your site:
  1. Verify SSL certificate installation
  2. Fix your SSL configuration
  3. Update expired SSL certificates
  4. Verify and update system date and time
  5. Clear your cookies and browser cache
  6. Check for DNS issues

What is ERR_SSL_PROTOCOL_ERROR?

The ERR_SSL_PROTOCOL_ERROR is an error that occurs when there is an issue with the SSL/TLS connection between a website and a user’s browser. This error signifies that the protocol used to establish the secure connection is not supported by the browser, or there is a mismatch between the browser and server settings. It can also appear when there is a misconfiguration of the website’s SSL certificate or when the browser fails to connect to an SSL-protected website.

Let’s take a look at a few examples of this error in some modern web browsers.

Example of error in Chrome:

While ERR_SSL_PROTOCOL_ERROR varies from browser to browser, it appears like this in Chrome:

Example of error in FireFox:

In Firefox, when the browser encounters ERR_SSL_PROTOCOL_ERROR it typically displays the following page. You’ll need to click on Advanced and then click on View Certificate to view more information about the problem.

Example of error in Edge:

In Microsoft Edge, the error page for this SSL issue will display the following message.

What causes ERR_SSL_PROTOCOL_ERROR?

The ERR_SSL_PROTOCOL_ERROR error usually appears when there’s an issue with the SSL certificate or the HTTPS protocol, which is essential for establishing a secure connection between a website and a user’s browser. Below are the top eight most common reasons for this error to occur.

1. Recent changes in hosting, CDN, or SSL certificates: If you’ve recently changed your web host, enabled a CDN or WAF like the Sucuri Firewall, or installed a new SSL certificate, this could be the primary cause of the error. Double-check your SSL installation and ensure proper server configuration.
2. Missing name on the certificate: While a certificate can be valid without the website name in the subject, it must be included in the SAN (Subject Alternative Name), domain.com does not equal www.domain.com, and the wildcard certificate *.domain.com must also domain.com in the SAN for domain.com to work properly.
3. Expired or missing SSL certificate: An expired or missing SSL certificate can also cause the ERR_SSL_PROTOCOL_ERROR. Make sure your certificate is up-to-date and properly installed on your server.
4. Mismatch in server and client encryption protocols: This error can occur if there is a mismatch between the encryption protocols used by your server and your user’s browser. Ensure that your server supports the latest encryption protocols and that your users have updated browsers.
5. Revoked SSL certificate: If your website’s SSL certificate has been revoked due to compromise or non-renewal, it can lead to this error. Make sure to renew your certificate and keep it secure.
6. Incorrect system clock settings: Another potential cause of this error is incorrect system clock settings on the user’s device. Although this is not directly related to the website owner’s actions, it’s good to be aware of this possibility.
7. Firewall and antivirus settings: Sometimes, firewall and antivirus settings on the user’s device can interfere with the SSL connection. While website owners have limited control over this issue, it’s helpful to know that it can cause ERR_SSL_PROTOCOL_ERROR.
8. Misconfigured protocol settings and versions: Misconfigured settings or outdated protocol versions can also lead to this error. Ensure that your server is properly configured and supports the latest protocols and standards.

How to fix ERR_SSL_PROTOCOL_ERROR

Let’s walk through the steps to troubleshoot and resolve ERR_SSL_PROTOCOL_ERROR. You’ll want to follow these solutions one by one until the secure connection error is fixed for your website.

1- Verify SSL certificate installation

The first step in solving the ERR_SSL_PROTOCOL_ERROR issue is to make sure that you’ve installed an SSL certificate on your website. This error often occurs when website owners attempt to force HTTPS without having the necessary SSL certificate in place, making the website inaccessible. The SSL certificate is required to enable secure HTTPS connections between your website’s server and your visitors’ browsers.

To check if an SSL certificate is properly installed, you can do the following:

• Visit your website using HTTPS (e.g., https://yourwebsite.com) and look for a padlock icon in the address bar of your browser. If you see the padlock, the SSL certificate is installed and functioning correctly.
• Use an SSL checker tool, like the one offered by SSL Shopper or SSL Labs. These tools can help you confirm if your SSL certificate is properly installed and provide additional details about the certificate’s configuration and expiration date.

• Advanced users can use the following shell scripts to leverage either cURL or OpenSSL to check for certificate and SSL configurations.

openssl s_client -servername domain.com -connect 192.168.0.1:443 2>/dev/null | openssl x509 -noout -subject -issuer -dates;

curl -vvI --silent https://domain.com 2>&1 | grep 'issuer|start date|expire date|subject'

Using OpenSSL this way allows you to set the host IP specifically, so you can check multiple hosting servers, as it may be only one server not providing a good SSL configuration to the browser.

If you’re looking for more information on this topic, you can refer to our article on how to test SSL configurations.

2 – Fix your SSL configuration

If your SSL certificate is installed but you’re still experiencing the ERR_SSL_PROTOCOL_ERROR, it’s possible that the SSL configuration on your web server is incorrect. To resolve this issue, review your web server’s SSL settings and ensure that they align with the recommended best practices for SSL configuration.

This typically involves:

• Configuring your server to use strong encryption protocols, such as TLS 1.2 or 1.3, and;
• Disabling outdated or insecure protocols like SSL 2.0, SSL 3.0, and TLS 1.0.

Additionally, you’ll want to double-check that your server is configured to redirect HTTP traffic to HTTPS; this will ensure that all visitors are using a secure connection when accessing your site.

3 – Update expired SSL certificates

SSL certificates have expiration dates. If your certificate has expired, it will cause the ERR_SSL_PROTOCOL_ERROR to appear. To fix this issue, you’ll need to obtain a new certificate from a trusted certificate authority (CA) and install SSL on your web server.

Once the new certificate is in place, test your website again to confirm that the error has been resolved.

4 – Verify and update system date and time

If the SSL certificate is valid and checking SSL configurations and expired certs didn’t resolve the issue, you’ll want to take a look at your local computer settings to see if it’s the culprit.

Ensure that your operating system’s time and date are accurately set, as incorrect values can cause authentication issues with SSL certs. This is because SSL certificates come with a predetermined expiration date, and any discrepancies in the current system time and date can interfere with the authentication process.

When establishing a secure connection, a valid time and date are always assumed, which is why it’s crucial to retrieve the correct values from your local system.

Check system date and time in Windows

To check and update the time and date on Windows 10:

1. Press the Windows key and type “Date and time” and select it from the dropdown options.
2. In the Date and Time settings window, verify that the time and date are accurate.
3. Make changes, if necessary.

Check system date and time in Apple

To check and update the time in macOS:

1. Click the Apple icon in the top left corner of the screen
2. Select System Preferences from the drop-down menu, and choose Date and Time from the list.
3. Verify that the time and date are accurate. Make changes, if necessary.

5 – Clear your cookies and browser cache

In some cases, the ERR_SSL_PROTOCOL_ERROR issue may be the result of a simple caching issue in your browser. Let’s take a look at why clearing your browser cache might resolve the issue.

By default, most modern browsers cache a plethora of information about the sites you visit, including files, text content, images and SSL. When you revisit the website, your browser retrieves the required resources from the cache instead of the site’s web server, allowing web pages to load more quickly. However, maintaining outdated caches can cause problems. If any significant changes are made to the site, your browser may not be able to display it until it retrieves the new information.

Clearing your browser cache forces it to refresh this stored information with updated data, which can help resolve various issues, including SSL errors.

Clear your browser cache:

The steps to clear your browser cache depend entirely on the browser you are using. For Chrome, you can follow these instructions:

1. Click the settings icon at the top right of the Chrome window.
2. From the drop-down menu, click More tools then click on Clear browsing data.

3. Select a Time range. You’ll want to select All time to ensure all cache is deleted.

4. Click the Clear data.
5. Restart your browser.

Your browsing experience may be slower after clearing your cache. Wiping cache will also sign you out of most browsing sessions.

Shortcut: If you’re a macOS, use Command+Shift+Delete to access your browser’s delete browsing data menu. This key combination works on most browsers, including Google Chrome, Firefox, Edge, and Opera. For Windows users, press Ctrl+Shift+Delete.

Clear your browser’s SSL cache:

Your browser stores an SSL cache just like it does for images and files. If a website updates its SSL cert, this caching can cause SSL connection failures because the cached version does not match the new certificate.

To troubleshoot this scenario and clear your browser’s SSL cache in Google Chrome with Windows:

1. Open Chrome and enter the following in the address bar: chrome://settings/system
2. On the left sidebar, go to System then click on Open your computer’s proxy settings.

3. Search for Internet Options and select it from the drop-down menu.

4. Navigate to the Content tab and click on Clear SSL state.

You can also clear the SSL state with Manage certificates on Google Chrome:

1. Open Chrome and enter the following in the address bar: chrome://settings/security
2. Scroll down to the Manage Device Certificates section and select it.
3. Navigate through the tabs to locate SSL’s cached by Chrome. After selecting your SSL, click Remove to clear its cache.
4. Restart your Chrome browser.

If clearing your browser and SSL cache does not resolve the ERR_SSL_PROTOCOL_ERROR, other programs may be causing the issue. You can try temporarily disabling browser extensions, firewall, or AV software antivirus programs to see if that rectifies the issue.

6 – DNS issues

Like many other website problems, the ERR_SSL_PROTOCOL_ERROR can also be caused by an error with DNS — specifically, the DNS A record pointing to the wrong hosting IP address.

This can be confirmed with your hosting provider and easily tested by using DiG:

$ dig example.com +short
10.10.10.1

Alternatively, you can also test for this with an online tool like https://toolbox.googleapps.com/apps/dig/#A/

If a DNS issue is detected, you’ll need to correct the A record from your DNS control panel.

Further troubleshooting

The ERR_SSL_PROTOCOL_ERROR can be a frustrating issue for both website owners and site visitors. But it’s essential to ensure that your SSL certificate is correctly installed, your SSL configurations are up-to-date, and your server uses the appropriate encryption protocols to guarantee a secure browsing experience for users.

If you’re a Sucuri client and you’re still experiencing SSL errors after trying out these troubleshooting steps, get in touch with our support department. We’re committed to helping you keep your website safe and provide a seamless browsing experience for your users.