Introduction
ERR_SSL_PROTOCOL_ERROR is a browser-level signal that something in the HTTPS negotiation is wrong enough that the connection cannot proceed. It is broader than one certificate warning, which means you need to check protocol support, redirect behavior, and the full proxy-to-origin path.
Symptoms
- Chrome reports
ERR_SSL_PROTOCOL_ERROR - HTTPS fails while plain HTTP may still load
- The issue started after enabling SSL or moving behind a CDN
- Some subdomains work while another one fails consistently
- SSL tests show protocol or certificate anomalies rather than normal page output
Common Causes
- The certificate does not match the requested hostname
- The server listens on the wrong port or serves plain HTTP on an HTTPS endpoint
- TLS versions or ciphers are misconfigured after a server hardening change
- Redirects bounce traffic between HTTP and HTTPS in a broken sequence
- A CDN or reverse proxy is set to an SSL mode the origin cannot satisfy
Step-by-Step Fix
- Confirm the affected hostname and reproduce the error with a browser and a TLS inspection tool so you are not guessing from one client.
- Verify the endpoint on port 443 is actually serving TLS, not plain HTTP or the wrong virtual host.
- Check the installed certificate, chain, expiration date, and hostname coverage for the failing domain.
- Review reverse proxy or CDN SSL mode settings and make sure the origin can satisfy the selected mode securely.
- Inspect redirect rules for loops or protocol mismatches that force browsers into an invalid HTTPS path.
- Compare enabled TLS versions and cipher suites with a known good secure baseline supported by modern browsers.
- Test the origin directly and through the public hostname to isolate whether the failure starts at the origin or at the proxy edge.
- Reload the relevant web or proxy service after correcting certificates, protocols, or virtual host mappings.
- Re-test from multiple browsers and certificate tools until the hostname loads cleanly without protocol negotiation errors.