

Cloudflare err_ssl_protocol_error - Fix it Now?

Sometimes Webmasters complain that they are receiving a Cloudflare ERR_SSL_PROTOCOL_ERROR while visiting their website.

Here at Ibmi Media, as part of our Server Management Services, we regularly help our Customers to resolve related Cloudflare errors.


Nature of Cloudflare err_ssl_protocol_error

Website users mainly experience this error when they access a site affected by the Cloudflare err_ssl_protocol_error.

The common reasons for Cloudflare err_ssl_protocol_error include:

1. Wrong DNS settings at Cloudflare

2. SSL mode at Cloudflare

3. TLS version

4. Issues with SSL certificate


How to resolve Cloudflare err_ssl_protocol_error?

1. Wrong DNS settings at Cloudflare

A common reason for the SSL protocol error is wrong DNS settings at the Cloudflare end. This happens when the domain is not fully set to use Cloudflare.

Using Cloudflare requires changing the domain's nameservers to the ones Cloudflare assigns. Users often forget to remove the non-Cloudflare nameservers after adding the Cloudflare ones.

You should check to see if there are non-Cloudflare nameservers that are conflicting with the assigned Cloudflare name servers.


2. SSL mode at Cloudflare

Another possible reason for this error is the SSL mode set at the Cloudflare end.

The Full SSL (strict) mode in Cloudflare can trigger this error when the origin does not have a valid certificate. This could happen when the SSL certificate at the origin server is expired, self-signed, or not issued by a trusted CA.

The solution that our Experts followed here is to temporarily select another SSL option until we have a valid origin certificate in place.
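The checks described for causes 1 and 2 can be scripted. The helpers below are an added example, not part of the original article; the function names, the sample hostnames, and the assumption that Cloudflare-assigned nameservers end in ".ns.cloudflare.com" are ours.

```sh
#!/bin/sh
# Added triage helpers (illustrative; not from the original article).

# classify_ns: read nameserver names on stdin, one per line, as printed by
# `dig +short NS <domain>`. Prints: cloudflare | mixed | external | none.
# Assumption: Cloudflare-assigned nameservers end in ".ns.cloudflare.com".
classify_ns() {
  cf_count=0; other_count=0
  while IFS= read -r ns || [ -n "$ns" ]; do
    ns=$(printf '%s' "$ns" | tr '[:upper:]' '[:lower:]' | tr -d ' \t\r')
    ns=${ns%.}                          # drop the trailing root dot
    [ -n "$ns" ] || continue
    case "$ns" in
      *.ns.cloudflare.com) cf_count=$((cf_count + 1)) ;;
      *) other_count=$((other_count + 1))
         echo "non-Cloudflare nameserver: $ns" >&2 ;;
    esac
  done
  if [ "$cf_count" -gt 0 ] && [ "$other_count" -gt 0 ]; then echo mixed
  elif [ "$cf_count" -gt 0 ]; then echo cloudflare
  elif [ "$other_count" -gt 0 ]; then echo external
  else echo none
  fi
}

# origin_cert_issues: print each cause-2 reason that applies to the origin
# certificate in PEM file $1: "expired" and/or "self-signed" (detected as
# subject equal to issuer). Trust in the issuing CA needs a chain check
# and is not covered here.
origin_cert_issues() {
  openssl x509 -in "$1" -noout >/dev/null 2>&1 || { echo unreadable; return 1; }
  openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 || echo expired
  subj=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
  issr=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
  if [ -n "$subj" ] && [ "$subj" = "$issr" ]; then echo self-signed; fi
  return 0
}

# Live usage (example.com and ORIGIN_IP are placeholders):
#   dig +short NS example.com | classify_ns
#   openssl s_client -connect ORIGIN_IP:443 -servername example.com \
#     </dev/null 2>/dev/null | openssl x509 > origin.pem
#   origin_cert_issues origin.pem

# Constructed sample: a stale nameserver left beside the Cloudflare pair.
printf '%s\n' amy.ns.cloudflare.com. bob.ns.cloudflare.com. \
  ns1.oldhost.example. | classify_ns
```

A result of "mixed" is the conflicting-nameserver case from cause 1; any line printed by origin_cert_issues is a reason Full SSL (strict) would reject the origin.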


3. TLS version

The TLS version is another possible reason for the SSL protocol error. The Transport Layer Security (TLS) 1.3 protocol provides unparalleled privacy and performance compared to previous versions of TLS and non-secure HTTP.

At times, when there is some conflict with TLS 1.3, our Engineers suggest disabling it to check whether the error still occurs.


4. Issues with SSL certificate

The ERR_SSL_PROTOCOL_ERROR sometimes indicates a problem with the Cloudflare certificate.

This happens when the Free Universal SSL certificate hasn't yet been deployed.

In such cases, we suggest that you grey-cloud (deactivate) Cloudflare so that the website can continue to use your origin's SSL certificate. Wait 24 hours and orange-cloud (activate) Cloudflare again to see if your SSL certificate has been successfully deployed.




Conclusion

This article covers methods to resolve Cloudflare ERR_SSL_PROTOCOL_ERROR. This error can happen for a number of reasons, including wrong DNS settings, the SSL mode, the TLS version, or issues with the SSL certificate.


To fix this error:

1. If you are not the site owner, contact the site owner and let them know you are having issues accessing their site.

2. The domain name has not fully been set to use Cloudflare yet. Check to see if there are non-Cloudflare nameservers that are conflicting with the assigned Cloudflare name servers.

3. You are signed up for Cloudflare, but you have set a DNS record to grey cloud. If you have a subdomain or hostname that serves HTTP/HTTPS traffic, we would advise that you orange-cloud this DNS record to take advantage of Cloudflare’s security and performance features. See "What subdomains are appropriate for orange/grey clouds?"

4. If the Free Universal SSL certificate hasn’t yet been deployed, grey-cloud (deactivate) Cloudflare so that your website can continue to use your origin’s SSL certificate. Wait 24 hours and orange-cloud (activate) Cloudflare again to see if your SSL certificate has been successfully deployed.

5. If you have some conflict with TLS 1.3, disable it and see if you still encounter the error.

6. You have selected Full SSL (strict) under your SSL/TLS app, but your origin does not have a valid certificate (i.e., it is expired, self-signed, or not issued by a trusted CA). Temporarily select another SSL option until you have a valid origin certificate in place.

7. Look at the developer web console (Firefox: Ctrl+Shift+K) and check whether anything interesting appears under the Security tab.

8. Also, try running the command curl -vk against the affected domain.