Chrome / Firefox / Safari SSL Errors Reference

SSL_ERROR_BAD_CERT_DOMAIN: Firefox Equivalent of CN_INVALID

TL;DR: SSL_ERROR_BAD_CERT_DOMAIN is a Firefox error, the equivalent of Chrome's ERR_CERT_COMMON_NAME_INVALID. The SSL certificate does not cover the current domain. Fix: reiss…

Read →

ERR_ADDRESS_UNREACHABLE: Diagnosis

Key idea: ERR_ADDRESS_UNREACHABLE — Chrome could not establish a TCP connection to the IP. Below the TLS layer. Causes: DNS returned wrong IP, routing issue (server down/no interne…

Read →

ERR_BLOCKED_BY_RESPONSE: Causes & Fix

Key idea: ERR_BLOCKED_BY_RESPONSE — Chrome blocks a resource due to mismatched Cross-Origin-* headers. Usually COEP (Cross-Origin-Embedder-Policy), COOP (Cross-Origin-Opener-Policy…

Read →

NET::ERR_CERT_AUTHORITY_INVALID Error: Causes and Solution

TL;DR: NET::ERR_CERT_AUTHORITY_INVALID means Chrome/Edge does not trust the site's SSL certificate — the certificate chain does not lead to a trusted root CA. 90% of cases are caus…

Read →

ERR_CERT_COMMON_NAME_INVALID: Domain Mismatch

TL;DR: ERR_CERT_COMMON_NAME_INVALID (NET::ERR_CERT_COMMON_NAME_INVALID) means the requested domain is not listed in the certificate's SAN field. Example: cert issued for examp…

Read →

ERR_CERT_DATE_INVALID: Expired SSL and How to Renew

TL;DR: ERR_CERT_DATE_INVALID means the site's SSL certificate expired or isn't yet valid. 95% of cases: missed Let's Encrypt renewal or forgotten auto-renew cron. Fi…

Read →

NET::ERR_CERT_REVOKED: What Happened

Key idea: NET::ERR_CERT_REVOKED — your CA (Let's Encrypt, DigiCert) revoked the SSL certificate. Serious: clients can't connect at all. Causes: compromised private key, mis-issuanc…

Read →

ERR_CERT_SYMANTEC_LEGACY: Legacy Certificate

Key idea: NET::ERR_CERT_SYMANTEC_LEGACY — Chrome 70+ (October 2018) automatically distrusts certificates from Symantec, VeriSign, Thawte, GeoTrust and RapidSSL issued before Decemb…

Read →

NET::ERR_CERT_VALIDITY_TOO_LONG: Fix Guide

Key idea: NET::ERR_CERT_VALIDITY_TOO_LONG appears when an SSL certificate is issued for > 398 days. Since September 2020, Apple, Google and Mozilla reject certs longer than that — …

Read →

ERR_CERT_WEAK_SIGNATURE_ALGORITHM: Obsolete SHA-1/MD5

TL;DR: ERR_CERT_WEAK_SIGNATURE_ALGORITHM means the SSL certificate is signed with an obsolete algorithm (SHA-1, MD5, MD2). Chrome blocks such certificates since 2017. Fix: reissue …

Read →

ERR_CONNECTION_RESET: Causes & Fix

Key idea: ERR_CONNECTION_RESET means Chrome received TCP RST during TLS handshake or active session. Causes: firewall (local or ISP) drops a packet, antivirus with TLS inspection m…

Read →

ERR_EMPTY_RESPONSE: The Server Sent Nothing

Key idea: ERR_EMPTY_RESPONSE means the server accepted the TCP connection but closed it without sending an HTTP response. Typical for PHP-FPM/Apache crashes, nginx timeouts toward …

Read →

ERR_HTTP2_PROTOCOL_ERROR: Causes & Fixes

Key idea: ERR_HTTP2_PROTOCOL_ERROR — Chrome/Firefox got an RST_STREAM frame from an HTTP/2 server. Causes: max_header_list_size exceeded (usually 8KB), flow control broken, bug in …

Read →

ERR_QUIC_PROTOCOL_ERROR: Causes & Fix

Key idea: ERR_QUIC_PROTOCOL_ERROR — Chrome failed to establish or continue an HTTP/3 connection. HTTP/3 uses QUIC (UDP), not TCP — and many firewalls/NATs mangle UDP. Causes: corpo…

Read →

ERR_SSL_BAD_RECORD_MAC_ALERT: Causes & Fix

Key idea: ERR_SSL_BAD_RECORD_MAC_ALERT means the client or server received a TLS record with an invalid MAC (Message Authentication Code). The data was corrupted in transit: networ…

Read →

ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED: Fix

Key idea: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED appears in mTLS (mutual TLS) when the server requests a client cert but the client cannot sign the challenge. Causes: smart card/eTok…

Read →

ERR_SSL_DECOMPRESSION_FAILURE_ALERT: What It Is

Key idea: ERR_SSL_DECOMPRESSION_FAILURE_ALERT — TLS alert 30. Historically appeared when client and server failed to agree on compression. Rarely seen in 2026: TLS compression is o…

Read →

ERR_SSL_KEY_USAGE_INCOMPATIBLE: Fix Guide

Key idea: ERR_SSL_KEY_USAGE_INCOMPATIBLE means the certificate does not include TLS Web Server Authentication (OID 1.3.6.1.5.5.7.3.1) in extKeyUsage. Chrome considers such a cert u…

Read →

ERR_SSL_OBSOLETE_VERSION: Fix

Key idea: ERR_SSL_OBSOLETE_VERSION — Chrome 84+ (July 2020) blocks HTTPS connections to servers supporting only TLS 1.0 or 1.1. Causes: old nginx/Apache, legacy IIS 7, embedded dev…

Read →

ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN: Fix

Key idea: NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN means the browser expected a specific public key (HPKP or Certificate Transparency static pin) in the cert chain but it is missi…

Read →

ERR_SSL_PROTOCOL_ERROR: TLS Incompatibility Causes and Fix

TL;DR: ERR_SSL_PROTOCOL_ERROR means the browser and server cannot agree on a TLS version or cipher. Common causes: server only supports TLS 1.0/1.1 (deprecated in Chrome 90+), inco…

Read →

ERR_SSL_RENEGOTIATION_NOT_SUPPORTED

Key idea: ERR_SSL_RENEGOTIATION_NOT_SUPPORTED — server requested renegotiation (rekey), but the client (or protocol) does not support it. TLS 1.3 removed renegotiation entirely (se…

Read →

ERR_SSL_UNRECOGNIZED_NAME_ALERT: What It Means

Key idea: ERR_SSL_UNRECOGNIZED_NAME_ALERT means the server returned TLS alert 112 (unrecognized_name) because the domain requested via SNI is not configured. Causes: domain missing…

Read →

ERR_SSL_VERSION_OR_CIPHER_MISMATCH: Causes & Fix

Key idea: ERR_SSL_VERSION_OR_CIPHER_MISMATCH means the browser could not negotiate a TLS version or cipher with the server. Causes: server on outdated TLS 1.0/1.1 (Chrome 84+ disab…

Read →

ERR_TOO_MANY_REDIRECTS: Fixing the Loop

Key idea: ERR_TOO_MANY_REDIRECTS (Chrome) / "Too many redirects" (Firefox) — browser stopped following redirects after 10+ hops. Causes: server block A redirects to HTTPS, server b…

Read →

HSTS Error: Browser Blocked by HSTS Policy

TL;DR: HSTS Error means the site is on the HSTS preload list but currently has a broken SSL. Chrome won't allow bypassing the warning (security feature). Owner fix: repair the…

Read →

Mixed Content: HTTPS Page Loading HTTP Resources

TL;DR: Mixed Content means an HTTPS page loads resources (JS, CSS, images, iframes) over HTTP. Chrome blocks active mixed content entirely; passive triggers a warning. Fix: replace…

Read →

MOZILLA_PKIX_ERROR_MITM_DETECTED in Firefox

Key idea: MOZILLA_PKIX_ERROR_MITM_DETECTED — Firefox saw a suspicious certificate on a domain with pinned keys (google.com, facebook.com, etc). Not a baseline SSL warning — Firefox…

Read →

SSL_ERROR_RX_RECORD_TOO_LONG: Non-TLS Response

TL;DR: SSL_ERROR_RX_RECORD_TOO_LONG means Firefox expected TLS but received HTTP or other plain text. 90% of cases: server is listening on port 443 as HTTP (not HTTPS). Check your …

Read →

SEC_ERROR_UNKNOWN_ISSUER in Firefox: Fix Guide

Key idea: SEC_ERROR_UNKNOWN_ISSUER means Firefox does not trust the SSL certificate issuer. Firefox ships its own Mozilla trust store (≠ system store), so regional or corporate CAs…

Read →

SSL_ERROR_NO_CYPHER_OVERLAP in Firefox

Key idea: SSL_ERROR_NO_CYPHER_OVERLAP — Firefox (same as ERR_SSL_VERSION_OR_CIPHER_MISMATCH in Chrome) could not agree on a TLS cipher suite with the server. Both sides have allowe…

Read →

SSL Handshake Failed: TLS Connection Setup Failure

TL;DR: SSL Handshake Failed means the TLS handshake between client and server did not complete. Causes: outdated SNI, TLS version mismatch, client certificate required, time skew &…

Read →