Custom domain shows valid configuration but apex and www fail TLS with ERR_SSL_PROTOCOL_ERROR

Hey all, I’m having an issue with an SSL Protocol Error…

Problem

Two custom domains (whimsi.xyz and www.whimsi.xyz) show “Valid Configuration” in Vercel, but browsers return ERR_SSL_PROTOCOL_ERROR. Other domains on the same project (domstack.app, www.domstack.app) work perfectly.

Evidence

Failing - no certificate served

openssl s_client -connect 216.198.79.1:443 -servername whimsi.xyz -tls1_2

Result: no peer certificate available

openssl s_client -connect 216.198.79.1:443 -servername www.whimsi.xyz -tls1_2

Result: no peer certificate available

Working - valid cert served

openssl s_client -connect 216.198.79.1:443 -servername domstack.app -tls1_2

Result: valid Let’s Encrypt certificate

What I’ve Tried

1. Removed both whimsi domains from Vercel.
2. Waited, then re-added them.
3. Verified DNS is set to DNS-only in Cloudflare (no proxy/redirect/worker rules).
4. Dashboard now shows valid configuration, but TLS still fails.

Diagnosis

This appears to be an SNI routing issue at the edge layer — the certificate exists and is valid, but isn’t being served for the whimsi.xyz hostname on certain edge nodes. The cert binding seems incomplete.

Ask

Has anyone experienced this? Is there a way to force certificate re-provisioning, or does this require Vercel infrastructure intervention?

The domain troubleshooting guide can help with most custom domain configuration issues. You might be able to use that guide to solve it before a human is available to help you. Then you can come back here and share the answer for bonus points.

You can also use v0 to narrow down the possibilities.