Only old Android clients?

Enable TLS 1.2+ and modern ciphers on the server or edge.

Re-upload certs or switch to CDN-managed certs and verify SNI hostnames.

ERR_SSL_PROTOCOL_ERROR vs NET::ERR_CERT_AUTHORITY_INVALID?

Protocol error is handshake-level; authority invalid usually means untrusted or wrong cert.

Error fix

The TLS handshake failed or spoke the wrong protocol—often cert, cipher, or version mismatch.

Start here first. Step 1 fixes most cases—then work down the list.

Why this works

These steps work because it helps isolate CDN edge issues vs your origin server.

The browser could not establish a secure channel. The failure happens before HTTP status codes matter.

Certificate problems
Expired cert, wrong hostname, or incomplete chain.
Protocol mismatch
TLS 1.0 disabled client-side but server only speaks old protocols.

Validate TLS configuration
1. Use SSL Labs or openssl s_client to inspect chain and supported protocols.
2. Renew certificates and fix intermediate bundles on the server.
3. Align minimum TLS and cipher suites with your CDN documentation.

Only old Android clients?: Enable TLS 1.2+ and modern ciphers on the server or edge.
After migrating CDN?: Re-upload certs or switch to CDN-managed certs and verify SNI hostnames.
ERR_SSL_PROTOCOL_ERROR vs NET::ERR_CERT_AUTHORITY_INVALID?: Protocol error is handshake-level; authority invalid usually means untrusted or wrong cert.

Still stuck? Try these related fixes next.

Tweak the message and run again—we'll match an existing fix or generate a new page.

Original error message

ERR_SSL_PROTOCOL_ERROR