SSL is not working in mobile (The site cant be reached) refused to connect

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is: (really sorry but this is going a production environment soon if its really needed then i will mention it)

I ran this command:

It produced this output:

My web server is (include version):apache 2.4.56 (I just installed sudo apt install apache2)

The operating system my web server runs on is (include version): Debian 11

My hosting provider, if applicable, is: GCP

I can login to a root shell on my machine (yes or no, or I don't know): yes (sudo su -)

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): Im using ssh into the server so a terminal is there

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot): certbot 2.6.0

I ran these commands:
command: curl -Iki


HTTP/1.1 200 OK
Date: Sun, 11 Jun 2023 18:32:47 GMT
Server: Apache/2.4.56 (Debian)
Set-Cookie: OSTSESSID=2lnbkrc0s6fka9mjfk9a23hkh5; expires=Sun, 11-Jun-2023 18:56:47 GMT; Max-Age=1440; path=/;; secure; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Content-Security-Policy: frame-ancestors 'self';
Content-Language: en-US
Content-Type: text/html; charset=UTF-8

i even checked using SSL Server Test (Powered by Qualys SSL Labs)

getting [Chrome 49 / XP SP3] Server sent fatal alert: handshake_failure

|[Safari 6 / iOS 6.0.1]Server sent fatal alert: handshake_failure|
|[Safari 7 / iOS 7.1|Server sent fatal alert: handshake_failure|
|[Safari 7 / OS X 10.9] R|Server sent fatal alert: handshake_failure|
|[Safari 8 / iOS 8.4] Server sent fatal alert: handshake_failure|
|[Safari 8 / OS X 10.10] Server sent fatal alert: handshake_failure|

TLS 1.3 Yes
TLS 1.2 Yes
TLS 1.1 No
TLS 1.0 No
SSL 3 No
SSL 2 No

I followed the installation guide to letter Certbot Instructions | Certbot for my config

port 443 is open and also port 80

The site is working in desktop and mac browsers. It is showing an error that is refused to connect.

This is really urgent. Kindly help me sort this out.


Do you have an actual device that is failing? Or are you just concerned about the SSL Labs report?

Because even the site shows errors for those older systems. (link here)

For older Android devices you want to be sure to use the default "long chain" from Let's Encrypt. And, Certbot on Debian would do that by default so should be fine.

We are not a general support site for server config and older systems. We help with Let's Encrypt certs.

You need to be more specific about the exact error you are concerned about (what O/S, what is the error, which browser and version is failing, and so on). The domain name would help too. We are unpaid volunteers using our personal time. If you make it difficult for us to help we may choose not to.


Well I have to say that an actual domain name would probably be the key to resolving this iisue.
YES. Please provide your domain name so @MikeMcQ can help you resolve this issue.


Different operating systems support different TLS protocol versions and cipher suites. Old operating systems often don't speak TLS1.2 or higher, or newer cipher suites.

So if your site is failing with an old device, that would be one of the most likely reasons. You can choose to enable older versions of TLS on your server to support old devices, but they are generally avoided in modern systems due to security concerns.

If your site is failing with a new device, I'd suggest that your set of enabled cipher suites is too limited, and the device can't negotiate a common suite with the server. It's also possible that the entire TLS config is wrong or not configured, but we can't really check that without knowing the domain.


FFS. If it weren't needed, it wouldn't have been asked for. Did you miss this bit:

so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

In any event, those outdated iOS versions are not compatible with LetsEncrypt's certificates. See


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.