My domains are: , ,

These 2 has common certificate ,
This one has another

These URLs are used by my app.
There are some users complaining that the app doesn't work as expected.
I had such user in a Google Hangouts call today. Turned out he can't open and he has ERR_SSL_PROTOCOL_ERROR
however is available

I tried testing with macOs Sonoma that he has and couldn't reproduce this error. He has ERR_SSL_PROTOCOL_ERROR in both Chrome and Safari.

I'm not an expert in certificate configurations, I'm out of ideas, please help

1 Like

Welcome to the Let's Encrypt Community.

Let's Encrypt is a Certificate Authority and the Community is here to assist primarily with questions pertaining to certificate issuance. How you use the certificates is up to you.

You can see details about the connections various clients can make to your server at SSL Labs.

Based on those results and your description. I'm inclined to think that the client errors are specific to their environments. Perhaps they are running DPI firewalls that are breaking the TLS connection.

Whatever the underlying cause, it is completely out of scope for the Let's Encrypt Community.


I'm not sure I agree that it's completely out of scope. Let's Encrypt's mission is to "reduce financial, technological, and educational barriers to secure communication", and I think part of that goes beyond just getting a certificate but helping people configure their systems to use certificates correctly.

Though in this case, I agree that we don't really have enough information to be of much help. I don't see anything wrong with offhand in the tooling I've looked in, though the non-secure (which in most situations is just a redirect to https) doesn't look to be working from here.


@anton-chernikov1989 When you setup a certificate for a server with Let's Encrypt you will either have an RSA private key or an EC (elliptic curve) private key, the choice of key (or whatever your acme client picks) affects the TLS conversation between your server and the client (the browser). In particular it changes the selection of compatible Cipher Suites based on the key type and both the serer and client have to agree on at least one in order to establish communication.

The difference I can see between and is that has an RSA key. RSA keys are somewhat more compatible than EC keys but a modern version of macOS should in theory have no problem with them.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.