ERR_SSL_PROTOCOL_ERROR in Chrome

Zero Trust 1.1.1.1
1

I’m getting a ERR_SSL_PROTOCOL_ERROR in Chrome when trying to visit a page using 1.1.1.1 family. This doesn’t happen if I’m using a mobile network so I’m sure that it’s 1.1.1.1 that’s causing it. The site is:

I’ve tried using the help site that confirms I’m using 1.1.1.1

https://1.1.1.1/help#eyJpc0NmIjoiWWVzIiwiaXNEb3QiOiJObyIsImlzRG9oIjoiTm8iLCJyZXNvbHZlcklwLTEuMS4xLjEiOiJZZXMiLCJyZXNvbHZlcklwLTEuMC4wLjEiOiJZZXMiLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMTExIjoiTm8iLCJyZXNvbHZlcklwLTI2MDY6NDcwMDo0NzAwOjoxMDAxIjoiTm8iLCJkYXRhY2VudGVyTG9jYXRpb24iOiJNQU4iLCJpc1dhcnAiOiJObyIsImlzcE5hbWUiOiJDbG91ZGZsYXJlIiwiaXNwQXNuIjoiMTMzMzUifQ==

Can anyone suggest what the problem might be?

Thanks

4

Anyone know where I can go next with this?

5

Just bumping to try and keep this open, as I’ve not had any feedback yet :frowning:

6

I’m not sure what could be wrong, can you try to resolve the domain and post the results?

dig @1.1.1.1 vizhub.com A +nsid
dig @1.1.1.1 vizhub.com AAAA +nsid
dig @8.8.8.8 vizhub.com A
dig @8.8.8.8 vizhub.com AAAA
7

Thanks for trying to help @mvavrusa

; <<>> DiG 9.16.1-Ubuntu <<>> @1.1.1.1 vizhub.com A +nsid
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32110
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; NSID: 33 34 31 6d 33 31 ("341m31")
;; QUESTION SECTION:
;vizhub.com.			IN	A

;; ANSWER SECTION:
vizhub.com.		7200	IN	A	54.147.229.137

;; Query time: 100 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Sep 17 15:51:08 BST 2021
;; MSG SIZE  rcvd: 65

; <<>> DiG 9.16.1-Ubuntu <<>> @1.1.1.1 vizhub.com AAAA +nsid
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8007
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; NSID: 36 33 6d 34 34 ("63m44")
;; QUESTION SECTION:
;vizhub.com.			IN	AAAA

;; Query time: 100 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Fri Sep 17 15:52:05 BST 2021
;; MSG SIZE  rcvd: 48

; <<>> DiG 9.16.1-Ubuntu <<>> @8.8.8.8 vizhub.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11409
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;vizhub.com.			IN	A

;; ANSWER SECTION:
vizhub.com.		7200	IN	A	54.147.229.137

;; Query time: 108 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 17 15:53:23 BST 2021
;; MSG SIZE  rcvd: 55

; <<>> DiG 9.16.1-Ubuntu <<>> @8.8.8.8 vizhub.com AAAA
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7282
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;vizhub.com.			IN	AAAA

;; Query time: 120 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Sep 17 15:53:48 BST 2021
;; MSG SIZE  rcvd: 39
8

It seems like the record returned by DNS is the same. Is the error triggered for this site or some other asset on the site?

9

It’s the actual page that’s causing the error:

image
image1235×819 104 KB

Interestingly I’ve just discovered Firefox is returning a different error

Error code: SSL_ERROR_RX_RECORD_TOO_LONG

I’ve tried navigating directly to https://54.147.229.137 in Chrome which provides me with the “This site is not secure” but you can bypass to get to the site. This does load but Chrome thinks the certificate is invalid (I’m not sure how to figure out why it thinks it’s invalid - unless it’s because I’m not using the domain to access it anymore?).

10

I’m not sure what’s the issue to be honest. Since the DNS response is the same, and it works over a mobile connection, it might be a problem on the path or you might be routed to a different cache node.

11

Laods fine over HTTPS from my home.
Could be due to your ISP blocking something or there is some packet drop in between?

Make sure your server is configured to serve HTTPS content from the 443 port - whic from what I see and tested is working (your origin IP).

Screenshot 2021-09-20 at 20-00-49 VizHub - data visualization platform
Screenshot 2021-09-20 at 20-00-49 VizHub - data visualization platform1918×1041 160 KB

Does it mean you are currently not using proxy mode :orange:, rather either temporary switched to :grey: (DNS-only) or Paused Cloudflare for your domain?
Furthermore, seems your nameservers aren’t anymore pointed to Cloudflare.

Screenshot 2021-09-20 at 20-04-18 intoDNS vizhub com - check DNS server and mail server health
Screenshot 2021-09-20 at 20-04-18 intoDNS vizhub com - check DNS server and mail server health1021×341 15.8 KB

Have you had a valid SSL certificate installed at your origin host / server before moving to Cloudflare?
When you were at Cloudflare, did your origin host / server worked over which TLS version?
And what SSL options have you had selected at the SSL/TLS tab? (Flexible, Full, Full (Strict) ...)

In between, have you tried clearing your Web browser cache, or trying to access via another Web browser, either via a Private Window, or using an VPN connection, or cellular (mobile, LTE, edge …) data (a different ISP provider)?

May I suggest to read this post:

https://support.mozilla.org/en-US/questions/1222739

12

Hi, thanks for your input - just to be clear I don’t own this site/domain etc

13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.