Server and browser cannot agree on SSL/TLS protocol version or cipher suite.
ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
Use Mozilla's recommended modern cipher configuration.
openssl s_client -connect example.com:443 -servername example.com -tls1_2 openssl s_client -connect example.com:443 -servername example.com -tls1_3
If both probes fail, the server offers only deprecated versions. Fix at whatever terminates TLS: origin, load balancer, or CDN edge setting.
sudo certbot --nginx -d dev.app.example.com
Wildcards match one level only: *.example.com covers app.example.com but not dev.app.example.com. Issue a certificate that names the host explicitly.
TLS config changes at the edge are exactly when this error appears in production. An ObserveOne check against the HTTPS endpoint fails on the first broken handshake after a deploy.
Start Monitoring FreeThe browser cannot establish a secure SSL/TLS connection because the server and browser cannot agree on a protocol version or cipher suite.
SSL certificate is not signed by a trusted Certificate Authority.
SSL certificate has expired or is not yet valid.
Domain name doesn't match any domain in the SSL certificate.
SSL/TLS handshake between client and server failed to complete.