Skip to content

ERR_CONNECTION_RESET: Causes & Fix

Key idea:

ERR_CONNECTION_RESET means Chrome received TCP RST during TLS handshake or active session. Causes: firewall (local or ISP) drops a packet, antivirus with TLS inspection mangles the handshake, overloaded server where the kernel kills the connection, DPI systems blocking a specific SNI. Fix: disable AV TLS inspection, verify server reachability, try via VPN.

This error blocks HTTPS access. Below: causes, fixes, working config, FAQ.

Check your site's SSL →

Common Causes

  • Local firewall / Kaspersky TLS inspection cuts packets
  • ISP-level DPI blocks SNI by domain (common in certain regions)
  • Server overloaded, kernel TCP accept queue overflowed
  • Wrong path MTU — TCP segments get dropped
  • Web process crash (nginx/Apache worker) mid-handshake

Step-by-Step Fix

  1. Disable antivirus TLS inspection for 10 minutes — retest
  2. Reboot the router (sometimes it cuts connections)
  3. Try via VPN or mobile — if it works = ISP DPI
  4. On the server: ss -ltn to confirm listener. dmesg | grep -i tcp — OOM?
  5. Increase net.core.somaxconn and nginx backlog=1024

Check SSL Certificate →

Related SSL Errors

TL;DR: Understanding ERR_CONNECTION_RESET

The ERR_CONNECTION_RESET error in Chrome indicates that the connection to the server was unexpectedly closed. This can occur due to various reasons, including server misconfiguration, firewall settings, or issues with the local network. To resolve this, check your network settings, disable any VPNs or proxies, and ensure that your firewall isn’t blocking the connection.

Common Causes of ERR_CONNECTION_RESET

The ERR_CONNECTION_RESET error can be attributed to several underlying issues. Understanding these causes can help you diagnose and resolve the problem effectively:

  • Network Configuration: Misconfigured network settings can lead to connection resets. This includes incorrect DNS settings or IP conflicts.
  • Firewall/Antivirus Software: Overzealous firewall or antivirus programs can block legitimate connections. Ensure that your security software is not blocking Chrome.
  • VPN/Proxy Issues: If you are using a VPN or proxy, they may be causing the connection to reset. Temporarily disabling them can help identify the issue.
  • Server-Side Issues: The server may be misconfigured, causing it to close connections unexpectedly. Check server logs for errors.
  • Browser Extensions: Some extensions can interfere with network requests. Disable all extensions and re-enable them one by one to identify the culprit.

Practical Solutions to Fix ERR_CONNECTION_RESET

To resolve the ERR_CONNECTION_RESET error, you can follow these practical steps:

  1. Check Your Internet Connection: Ensure your internet connection is stable. You can run the following command in the Command Prompt to check connectivity:
ping google.com

  • Reset TCP/IP Stack: If your network settings are corrupted, resetting the TCP/IP stack can help. Open Command Prompt as an administrator and run:
  • netsh int ip reset

  • Flush DNS Cache: Flushing the DNS cache can resolve issues related to outdated or incorrect DNS information. Execute this command:
  • ipconfig /flushdns

  • Disable Firewall/Antivirus: Temporarily disable your firewall or antivirus software to check if they are causing the issue. If the error disappears, adjust the settings or switch to a different security solution.
  • Change DNS Settings: Consider switching to a public DNS service like Google DNS or Cloudflare DNS. You can change your DNS settings on Windows by going to:
    1. Control Panel
    2. Network and Internet
    3. Network and Sharing Center
    4. Change adapter settings
    5. Right-click your network connection and select Properties
    6. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties

    Then, select Use the following DNS server addresses and enter:

    • Google DNS: 8.8.8.8 and 8.8.4.4
    • Cloudflare DNS: 1.1.1.1 and 1.0.0.1

  • Check for Browser Issues: Clear your browser cache and cookies. Go to Chrome settings, select Privacy and security, and then Clear browsing data.
  • Review Server Configuration: If you have access to the server, check the configuration files (like httpd.conf for Apache or nginx.conf for Nginx) for any misconfigurations or limits on connection handling.
  • By systematically addressing each of these areas, you can effectively troubleshoot and resolve the ERR_CONNECTION_RESET error in Chrome.

    CertificateExpiry, issuer, domains (SAN)
    ChainIntermediate and root CA validation
    TLS ProtocolTLS version and cipher suite
    VulnerabilitiesHeartbleed, POODLE, weak ciphers

    Why teams trust us

    TLS 1.3
    supported
    Full
    CA chain check
    <2s
    result
    30/14/7
    days-to-expiry alerts

    How it works

    1

    Enter domain

    2

    TLS chain verified

    3

    Expiry date & vulnerabilities

    What Does the SSL Check Cover?

    SSL/TLS is the encryption protocol that protects data between the browser and server. Our tool analyzes the certificate, chain of trust, TLS version, and knownvulnerabilities.

    Certificate Details

    Issuer, validity period, signature algorithm, covered domains (SAN), and validation type (DV/OV/EV).

    Chain of Trust

    Full chain verification: from leaf certificate through intermediates to root CA.

    TLS Analysis

    Protocol version (TLS 1.2/1.3), cipher suites, Perfect Forward Secrecy (PFS) support.

    Expiry Alerts

    Set up a monitor — get Telegram and email alerts 30/14/7 days before expiration.

    DV vs OV vs EV Certificates

    DV (Domain Validation)
    • Confirms domain ownership only
    • Issued in minutes automatically
    • Free via Let's Encrypt
    • Suitable for most websites
    • Most common certificate type
    OV / EV
    • Organization (OV) or Extended Validation (EV)
    • Issued in 1-5 business days
    • Costs $50 to $500/year
    • For finance, e-commerce, government sites
    • Increases user trust

    Who uses this

    DevOps

    SSL certificate monitoring

    Security

    TLS config audit

    SEO

    HTTPS as ranking factor

    E-commerce

    customer trust

    Common Mistakes

    Expired certificateBrowsers block sites with expired SSL. Set up auto-renewal or monitoring.
    Incomplete certificate chainWithout intermediate CA, some browsers and bots cannot verify the certificate.
    Mixed content on HTTPS siteHTTP resources on an HTTPS page — the browser lock icon disappears, reducing trust.
    Using TLS 1.0/1.1Legacy TLS versions have known vulnerabilities. Use TLS 1.2+ or 1.3.
    Domain mismatch in certificateThe certificate must cover all site domains, including www and subdomains.

    Best Practices

    Set up auto-renewalLet's Encrypt + certbot with cron — certificate renews automatically every 60-90 days.
    Enable HSTSStrict-Transport-Security header forces browsers to always use HTTPS.
    Use TLS 1.3TLS 1.3 is faster (1-RTT handshake) and safer — legacy ciphers removed.
    Monitor expiration datesCreate a monitor on Enterno.io — get notified well before expiration.
    Verify chain after renewalAfter certificate renewal, confirm that intermediate certificates are installed.

    Get more with a free account

    SSL certificate monitoring, check history and alerts 30 days before expiry.

    Sign up free

    Learn more

    Sources

    Frequently Asked Questions

    How is it different from ERR_EMPTY_RESPONSE?

    ERR_EMPTY_RESPONSE — server accepted connection but sent nothing. ERR_CONNECTION_RESET — the connection was torn down by an RST packet.

    How do I know if it's ISP blocking?

    Try via VPN. If VPN works — ISP. If it fails everywhere — server side.

    Browsers show ERR_CONNECTION_RESET or ERR_CONNECTION_ABORTED — which?

    ABORTED = client cancelled (redirect/close). RESET = RST packet from the other side (server/proxy/DPI).

    How do I check reachability?

    <a href="/en/ping">Enterno Ping + Port Checker</a> — tests TCP 443 from multiple regions + monitoring.

    Try the live tool that powered this guide

    Free plan — 10 monitors, checks every 5 min, no card required. Upgrade for 1-minute interval and multi-region monitoring.