SSL/TLS: Complete Guide — Checker, Errors, Protocols

Enterno.io Editorial Team

Glossary (4) all →

mTLS — Mutual TLS Authentication

mTLS (mutual TLS) — both sides authenticate with certificates. For zero-trust, API-to-API, banking.

OCSP and OCSP Stapling — What They Are and How They Work

OCSP (Online Certificate Status Protocol) verifies SSL certificate revocation. What OCSP Stapling is, why enable it, how to configure.

TLS 1.3 — Definition and Use Cases [2026]

TLS 1.3 — explanation, syntax, applications. Online check.

SNI (Server Name Indication) — How It Works [2026]

SNI — clear explanation, how to configure, common mistakes. Online check free.

How-to (11) all →

How to Install an SSL Certificate on nginx — 2026

Step-by-step SSL install on nginx: certbot, fullchain, HTTP→HTTPS redirect, HSTS, modern ciphers.

How to Get a Let's Encrypt Wildcard Certificate — 2026

Step-by-step wildcard SSL from Let's Encrypt: DNS-01 challenge, certbot, auto-renewal. One cert for *.example.com.

How to Debug a TLS Handshake 2026

Diagnose TLS handshake errors: openssl s_client, Wireshark TLS decode, curl verbose, common failures.

How to Set Up OCSP Stapling in nginx — 2026

Step-by-step OCSP Stapling setup: nginx ssl_stapling, trusted certificate chain, resolver. 100-300ms TLS handshake speedup.

How to Rotate an SSL Certificate with Zero Downtime 2026

Step-by-step SSL rotation: Let's Encrypt renewal, commercial CA, hot-reload nginx/Apache without downtime.

How to Generate a CSR — 2026 Guide

Step-by-step CSR generation for SSL certificates: openssl, form fields, Common Name, SAN. Examples for web servers and DV/OV/EV.

How to Enable HTTP/2 in nginx and Apache — 2026

Step-by-step HTTP/2 setup in nginx, Apache, Cloudflare. Requirements, config, verification, compatibility. Up to 30% speed-up.

How to Migrate a Site from HTTP to HTTPS [2026]

Step-by-step migration: Let's Encrypt cert, 301 redirects, Mixed Content fix, HSTS preload.

How to Renew a Let's Encrypt Certificate [2026]

Step-by-step Let's Encrypt auto-renewal via certbot. Cron setup, verification and alerts.

How to Fix Browser SSL Errors [2026 Guide]

Guide to 10+ SSL errors: ERR_CERT_AUTHORITY_INVALID, DATE_INVALID, SSL_PROTOCOL_ERROR and more. Causes and fix in 5 minutes.

How to Check SSL Certificate Online Free [2026]

Step-by-step: how to check an SSL certificate, expiry, chain, grade. Free, no signup, in 10 seconds.

Ports (1) all →

Port 8883 — MQTT over TLS

TCP port 8883 — MQTT over TLS: encrypted IoT messaging. AWS IoT Core, HiveMQ, Mosquitto TLS.

Alternatives (3) all →

testssl.sh Alternatives — Web-UI SSL Scanners

testssl.sh is a CLI-first deep TLS scanner. Web-UI alternatives: Enterno.io, SSL Labs, Hardenize, ImmuniWeb.

crt.sh Alternatives 2026 — Certificate Transparency

crt.sh (Sectigo) is a free CT-log search. Alternatives: Enterno.io, CertSpotter, CRT Search, Google Transparency Report.

SSL Labs Alternatives — Best SSL Checkers 2026

SSL Labs Qualys is unreliable in 2026. 7 alternatives for SSL certificate testing: Enterno.io, Hardenize, ImmuniWeb, CryptCheck.

SSL errors (65) all →

Python ssl.SSLCertVerificationError: CERTIFICATE_VERIFY_FAILED

Python requests/urllib3: CERTIFICATE_VERIFY_FAILED. certifi, SSL_CERT_FILE, macOS, corporate proxy.

curl error 77: problem with CA cert file

curl: (77) problem with the SSL CA cert. CURLE_SSL_CACERT_BADFILE. CURL_CA_BUNDLE, --cacert, ca-certificates.

SEC_ERROR_OCSP_OLD_RESPONSE (Firefox)

Firefox/NSS SEC_ERROR_OCSP_OLD_RESPONSE: OCSP response is stale. Must-Staple, nextUpdate, OCSP cache.

sun.security.validator.ValidatorException: PKIX path building failed

Java PKIX path building failed: incomplete chain, missing CA in cacerts. keytool import, debug -Djavax.net.debug.

Schannel 0x80072f7d — Security channel error (Windows)

Windows Schannel 0x80072F7D: security error occurred. TLS version, cipher mismatch, Windows Update.

Trust anchor for certification path not found (Android)

Android SSL: java.security.cert.CertPathValidatorException: Trust anchor for certification path not found. Causes, fix.

ERR_SSL_SERVER_CERT_BAD_FORMAT — Malformed Cert

Chrome ERR_SSL_SERVER_CERT_BAD_FORMAT — cert not parseable. ASN.1 encoding error, truncated cert, non-DER format.

ERR_QUIC_PROTOCOL_ERROR — Chrome HTTP/3

Chrome ERR_QUIC_PROTOCOL_ERROR — QUIC transport error. Causes: CDN misconfig, middlebox interference, NAT UDP drops.

ERR_QUIC_TIMEOUT — HTTP/3 Connection Timeout

Chrome ERR_QUIC_TIMEOUT — QUIC session timed out. Causes: UDP packet loss, slow network, NAT hairpinning issues.

ERR_QUIC_HANDSHAKE_FAILED — Initial Handshake

Chrome ERR_QUIC_HANDSHAKE_FAILED — TLS 1.3 handshake inside QUIC failed. Causes: cert issues, cipher mismatch, version negotiation.

ERR_HPACK_DECODING_FAILED — HTTP/2 Header

Chrome ERR_HPACK_DECODING_FAILED — HTTP/2 HPACK decompression error. Malformed headers, encoder state corruption.

ERR_SSL_UNRECOGNIZED_NAME_ALERT — SNI Mismatch

Chrome ERR_SSL_UNRECOGNIZED_NAME_ALERT — server did not recognise client SNI hostname. Misconfigured virtual hosts.

ERR_ECH_REQUIRED — Encrypted Client Hello

Chrome ERR_ECH_REQUIRED — server signalled that ECH (Encrypted Client Hello) is required. Needs HTTPS record + ECH support.

ERR_DNS_MALFORMED_RESPONSE — DNS Reply Invalid

Chrome ERR_DNS_MALFORMED_RESPONSE — DNS resolver received invalid response. DoH/DoT misconfig, DNSSEC failures.

NET::ERR_INVALID_HTTP_RESPONSE — Malformed Response

Chrome ERR_INVALID_HTTP_RESPONSE — server returned HTTP data that does not conform to HTTP/1.1 RFC. Proxy corruption, content-length mismat…

ERR_INCOMPLETE_CHUNKED_ENCODING — Truncated Response

Chrome ERR_INCOMPLETE_CHUNKED_ENCODING — chunked response interrupted before final 0-size chunk. Timeout, crash, network disconnect.

SSL_ERROR_RX_UNKNOWN_RECORD_TYPE — Firefox

Firefox SSL_ERROR_RX_UNKNOWN_RECORD_TYPE — unexpected TLS record type. Causes: proxy/MITM/broken middleware.

NSURLErrorServerCertificateUntrusted (-1202) — iOS/macOS

iOS/macOS error -1202 NSURLErrorServerCertificateUntrusted. Causes and how to fix in a Swift/Objective-C app.

ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY — Logjam Fix

Chrome ERR_SSL_WEAK_SERVER_EPHEMERAL_DH_KEY — server uses a DH key below 1024 bits. Fix via modern ciphers.

SEC_ERROR_INADEQUATE_KEY_USAGE — Firefox Fix

Firefox SEC_ERROR_INADEQUATE_KEY_USAGE — cert extensions do not permit using the key for TLS. How to reissue.

SEC_ERROR_CA_CERT_INVALID — Firefox Fix

Firefox SEC_ERROR_CA_CERT_INVALID — CA cert invalid (expired, malformed). Causes and how to fix.

MOZILLA_PKIX_ERROR_REQUIRED_TLS_FEATURE_MISSING

Firefox: cert requires OCSP Must-Staple (RFC 7633) but server does not staple. How to fix.

ERR_SSL_OCSP_INVALID_RESPONSE — Chrome

Chrome ERR_SSL_OCSP_INVALID_RESPONSE — OCSP response malformed or stale. Causes and fix.

NET::ERR_CERT_INVALID — Generic Chrome

Chrome generic ERR_CERT_INVALID — umbrella category for cert errors. How to narrow down the actual cause.

SSL_ERROR_NO_RENEGOTIATION — Firefox

Firefox SSL_ERROR_NO_RENEGOTIATION — server rejected TLS renegotiation. Fix via client cert auth config.

SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION — Firefox

Firefox SEC_ERROR_UNKNOWN_CRITICAL_EXTENSION — cert carries a critical extension Firefox does not know. How to fix.

NET::ERR_HTTP_RESPONSE_CODE_FAILURE — Fix

ERR_HTTP_RESPONSE_CODE_FAILURE in Chrome — unexpected HTTP code on a subresource. Causes, debug.

NET::ERR_CERTIFICATE_TRANSPARENCY_REQUIRED — Fix

Chrome rejects certificates without Certificate Transparency. What SCT is, how to reissue a cert with embedded SCT.

CAA Violation Error — Certificate Not Authorized

CAA violation — CA could not issue a cert because DNS CAA record does not authorise it. How to configure CAA for Let's Encrypt.

SSL_ERROR_PROTOCOL_VERSION_ALERT — TLS Version Mismatch

Firefox/Chrome: SSL_ERROR_PROTOCOL_VERSION_ALERT — server rejected the TLS version. How to enable TLS 1.2/1.3.

ERR_SSL_BAD_HANDSHAKE_HASH_VALUE — Fix

Chrome: ERR_SSL_BAD_HANDSHAKE_HASH_VALUE — handshake hash mismatch. Causes and fix via cipher + TLS config.

ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY — HTTP/2 over Weak TLS

Chrome: ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY — HTTP/2 requires TLS 1.2+ with modern ciphers. What's wrong and fix.

ERR_TLS_CERT_VALIDATION_TIMED_OUT — OCSP Timeout

Chrome: ERR_TLS_CERT_VALIDATION_TIMED_OUT — OCSP/CRL check timed out. Fix via OCSP stapling.

ERR_ICANN_NAME_COLLISION — Internal TLD Conflict

Chrome: ERR_ICANN_NAME_COLLISION — domain collides with a registered TLD after delegation. Fix by renaming internal zone.

ERR_ADDRESS_UNREACHABLE — Server Unreachable

ERR_ADDRESS_UNREACHABLE — IP is unreachable from your network. Causes: DNS, routing, firewall. Diagnosis and fix.

ERR_SSL_RENEGOTIATION_NOT_SUPPORTED — TLS Renegotiation

ERR_SSL_RENEGOTIATION_NOT_SUPPORTED — TLS 1.3 does not support renegotiation. How to fix for apps that require it.

ERR_SSL_DECOMPRESSION_FAILURE_ALERT — CRIME Mitigation

ERR_SSL_DECOMPRESSION_FAILURE_ALERT — TLS compression disabled as CRIME mitigation (CVE-2012-4929). How and why.

ERR_CERT_REVOKED — Certificate Revoked by CA

NET::ERR_CERT_REVOKED — CA revoked the SSL certificate via OCSP/CRL. Causes, how to know why, how to reissue.

ERR_CONNECTION_RESET — Connection Reset in Chrome

ERR_CONNECTION_RESET — TCP session torn down. Causes: firewall, DPI, overloaded server, broken TLS. 5-step fix.

ERR_TOO_MANY_REDIRECTS — Redirect Loop Fix 2026

Chrome shows ERR_TOO_MANY_REDIRECTS when a site loops http↔https or www↔non-www. Causes and step-by-step fix.

ERR_SSL_OBSOLETE_VERSION — Block of Outdated TLS 1.0/1.1

Chrome shows ERR_SSL_OBSOLETE_VERSION for sites on TLS 1.0/1.1. How to enable TLS 1.2/1.3 in nginx, Apache, IIS.

ERR_HTTP2_PROTOCOL_ERROR — HTTP/2 Issues

ERR_HTTP2_PROTOCOL_ERROR — HTTP/2 stream cancelled by server. Causes: header size, flow control, server bug. How to debug.

MOZILLA_PKIX_ERROR_MITM_DETECTED — Firefox

MOZILLA_PKIX_ERROR_MITM_DETECTED — Firefox detected a man-in-the-middle on a known domain. Reason and safe resolution.

ERR_BLOCKED_BY_RESPONSE — COEP/CORP Blocking

ERR_BLOCKED_BY_RESPONSE — Chrome blocks the resource due to Cross-Origin-Resource-Policy, Cross-Origin-Opener-Policy. How to fix.

SSL_ERROR_NO_CYPHER_OVERLAP — Firefox & No Shared Ciphers

SSL_ERROR_NO_CYPHER_OVERLAP — Firefox found no common TLS cipher with the server. Causes and how to fix cipher setup.

ERR_CERT_VALIDITY_TOO_LONG — Certificate Valid > 398 Days

Chrome blocks SSL certificates with validity > 398 days. Causes, fix, and how to reissue a certificate with a shorter validity.

ERR_SSL_VERSION_OR_CIPHER_MISMATCH — Fix Guide 2026

Chrome shows ERR_SSL_VERSION_OR_CIPHER_MISMATCH? Server uses outdated TLS or weak ciphers. 10-minute fix + free SSL check online.

SEC_ERROR_UNKNOWN_ISSUER — Fix Firefox SSL Error 2026

Firefox shows SEC_ERROR_UNKNOWN_ISSUER? See root causes and a 5-step fix. Free online SSL chain check.

ERR_SSL_UNRECOGNIZED_NAME_ALERT — SNI Mismatch in Chrome

Chrome shows ERR_SSL_UNRECOGNIZED_NAME_ALERT? The server does not know the requested domain. 5 causes + nginx/Apache fix.

ERR_EMPTY_RESPONSE — Server Did Not Reply. Causes & Fix

Chrome shows ERR_EMPTY_RESPONSE? The server closed the connection without a reply. 6 causes + nginx/PHP-FPM/backend debug.

ERR_SSL_BAD_RECORD_MAC_ALERT — Corrupted TLS Record

Chrome shows ERR_SSL_BAD_RECORD_MAC_ALERT? TLS MAC verification failed. Causes, debug, and network/proxy fix.

NET::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN — HPKP/Pinning

Chrome blocks the site due to HTTP Public Key Pinning mismatch. Causes, how to clear an old pin, and restore access.

ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED — mTLS Cert

Chrome rejects the client certificate (mTLS). Causes, where Chrome stores client certs, and how to fix the signature.

ERR_CERT_SYMANTEC_LEGACY — Old Symantec Cert 2026

Chrome blocks Symantec, VeriSign, Thawte, GeoTrust certs issued before 2017. Cause and how to reissue for free.

ERR_SSL_KEY_USAGE_INCOMPATIBLE — Cert Not for Server Auth

Chrome/Edge rejects certificates without serverAuth in extKeyUsage. Causes, OpenSSL check, and the right way to reissue.

SSL_ERROR_BAD_CERT_DOMAIN — How to Fix [2026]

Browser shows SSL_ERROR_BAD_CERT_DOMAIN? We break down causes and give step-by-step fix in 5 minutes. Check SSL certificate online — free.

Mixed Content — How to Fix HTTPS Warning [2026]

Browser shows Mixed Content? We break down causes and give step-by-step fix in 5 minutes. Check SSL certificate online — free.

HSTS Error — How to Bypass Strict-Transport-Security [2026]

Browser shows HSTS Error? We break down causes and give step-by-step fix in 5 minutes. Check SSL certificate online — free.

SSL Handshake Failed — How to Fix [2026]

Browser shows SSL Handshake Failed? We break down causes and give step-by-step fix in 5 minutes. Check SSL certificate online — free.

ERR_CERT_WEAK_SIGNATURE_ALGORITHM — How to Fix [2026]

Browser shows ERR_CERT_WEAK_SIGNATURE_ALGORITHM? We break down causes and give step-by-step fix in 5 minutes. Check SSL certificate online …

SSL_ERROR_RX_RECORD_TOO_LONG — How to Fix [2026]

Browser shows SSL_ERROR_RX_RECORD_TOO_LONG? We break down causes and give step-by-step fix in 5 minutes. Check SSL certificate online — fre…

ERR_CERT_COMMON_NAME_INVALID — How to Fix [2026]

Browser shows ERR_CERT_COMMON_NAME_INVALID? We break down causes and give step-by-step fix in 5 minutes. Check SSL certificate online — fre…

ERR_CERT_DATE_INVALID — How to Fix [2026]

Browser shows ERR_CERT_DATE_INVALID? We break down causes and give step-by-step fix in 5 minutes. Check SSL certificate online — free.

ERR_SSL_PROTOCOL_ERROR — How to Fix [2026]

Browser shows ERR_SSL_PROTOCOL_ERROR? We break down causes and give step-by-step fix in 5 minutes. Check SSL certificate online — free.

NET::ERR_CERT_AUTHORITY_INVALID — How to Fix [2026 Guide]

Chrome showing NET::ERR_CERT_AUTHORITY_INVALID? We break down 6 causes and give step-by-step fix in 5 minutes. Check SSL certificate online…

Other pages (1)

SSL Certificate Check Online — Free | Enterno.io

Free SSL certificate checker: expiry date, chain, encryption, vulnerabilities. SSL expiry monitoring.