Random ERR_SSL_PROTOCOL_ERROR

Hi! Lately my customers have been experiencing an issue when they try to visit the website. The site won't load because of ERR_SSL_PROTOCOL_ERROR. The error definitely concerns two domains:

  • 17movement.net - proxied, full encryption (type A points to my nginx server)
  • store.17movement.net - DNS only, flexible encryption (type CNAME points to Tebex webstore)

I have already done some research and tried a few things, but the issue is still not resolved. I have already tried things like: disabling the proxy (but only for a few moments, because of the self-signed certificates on nginx), disabling TLS v1.3, and purging the cache. I also bought Advanced Certificate Manager and added an Advanced Certificate, but it didn't change much.

This issue is hard to debug, because only some people have been experiencing it. I have no bloody idea what more I can do.

Screenshot from one of my customers:

That’s an insecure, legacy mode and should not be used in the first place as you have no security here. Make sure it is Full Strict.


I cannot use Full Strict because Tebex does not support SSL certificate management. All things related to payment happen outside our domain, so it’s nothing particularly dangerous.

You have to use Full Strict, as you otherwise have no encryption in the first place. You need to discuss this with your host, they need to provide that. The mode you are currently using is a legacy mode and should never be used.

However the DNS entry in question is not proxied anyhow and goes straight to your host (who also happens to use Cloudflare).

Your site generally seems to load fine however → sitemeer.com/#https://17movement.net


And that's the problem. On my PC it's also fine, but over roughly the last month I got more reports about this issue and I have no idea what the reason is. I have just determined that store.17movement.net itself works fine, but it uses assets (stylesheets, scripts, images, etc.) from the root domain, and in the console you can see errors while fetching them from 17movement.net.

So the first step should be to drop any Flexible configuration, as it’s not secure nor used by store anyhow. Make sure the naked domain is on Full Strict, however.

As for the naked domain, that does work as mentioned earlier


You might have a local DNS resolution issue. If that is the case maybe switch to another DNS resolver but the site itself resolves. As long as you are on Full Strict, your site should be working and secure.


I changed the mode to Full Strict and now someone reported another error:

From a VPS he can access the site without any trouble.

As mentioned
