[▲ Vercel Community](/) · [Categories](/categories) · [Latest](/latest) · [Top](/top) · [Live](/live) [Help](/c/help/9) # Custom domain shows valid configuration but apex and www fail TLS with ERR_SSL_PROTOCOL_ERROR 24 views · 0 likes · 2 posts Emo (@emersonrkirk-1801) · 2026-03-05 Hey all, I’m having an issue with an SSL Protocol Error… ## Problem Two custom domains (`whimsi.xyz` and `www.whimsi.xyz`) show “Valid Configuration” in Vercel, but browsers return `ERR_SSL_PROTOCOL_ERROR`. Other domains on the same project (`domstack.app`, `www.domstack.app`) work perfectly. ## Evidence **Failing - no certificate served** ```bash openssl s_client -connect 216.198.79.1:443 -servername whimsi.xyz -tls1_2 ``` > **Result: no peer certificate available** ```bash openssl s_client -connect 216.198.79.1:443 -servername www.whimsi.xyz -tls1_2 ``` > **Result: no peer certificate available** **Working - valid cert served** ```bash openssl s_client -connect 216.198.79.1:443 -servername domstack.app -tls1_2 ``` > **Result: valid Let’s Encrypt certificate** ## What I've Tried 1. Removed both `whimsi` domains from Vercel. 2. Waited, then re-added them. 3. Verified DNS is set to **DNS-only** in Cloudflare (no proxy/redirect/worker rules). 4. Dashboard now shows valid configuration, but TLS still fails. ## Diagnosis This appears to be an **SNI routing issue at the edge layer** — the certificate exists and is valid, but isn’t being served for the `whimsi.xyz` hostname on certain edge nodes. The cert binding seems incomplete. ## Ask Has anyone experienced this? Is there a way to force certificate re-provisioning, or does this require Vercel infrastructure intervention? system (@system) · 2026-03-05 The domain troubleshooting guide can help with most custom domain configuration issues. You might be able to use that guide to solve it before a human is available to help you. Then you can come back here and share the answer for [bonus points](https://community.vercel.com/t/introducing-the-vercel-leaderboard/1358). [https://vercel.com/docs/projects/domains/troubleshooting](https://vercel.com/docs/projects/domains/troubleshooting) You can also use [v0](https://v0.dev/) to narrow down the possibilities.