Project: ruproa (Pro plan, Maericks Credit Builder team)
Domain: ruproa.com — apex on Vercel nameservers, dashboard shows Valid Configuration
Cert: Let’s Encrypt wildcard, issued May 26 2026, valid through Aug 24 2026
We’re getting customer reports of SSL protocol errors loading ruproa.com. After
investigation, I’ve found two separate issues and want to flag the Vercel-side one
here.
VERCEL EDGE TLS FAILURES
SSL Labs external scan shows some edge IPs in the anycast pool fail the TLS
handshake entirely while others serve the cert fine:
Working: 216.150.1.65 — TLS OK, valid *.ruproa.com cert
Working: 216.150.16.193 — TLS OK, valid *.ruproa.com cert
Failing: 216.150.1.129 — “Failed to communicate with the secure server”
Failing: 216.150.1.193 — “Failed to communicate with the secure server”
Different public resolvers return different IPs from the pool (confirmed via
Google 8.8.8.8, Cloudflare 1.1.1.1, Quad9 9.9.9.9), so customers land on
different edges depending on geography/resolver. Those hitting the failing
edges get ERR_SSL_PROTOCOL_ERROR.
Dashboard shows Valid Configuration for ruproa.com, www.ruproa.com, and
ruproa.vercel.app. I clicked Refresh on both custom domains. The failing
edges did not recover.
SEPARATE OPENDNS ISSUE (for context)
Additionally, Cisco OpenDNS/Umbrella has incorrectly classified ruproa.com
as phishing and redirects to hit-phish.opendns.com. This is a false positive
on Cisco’s side (Talos rep is Neutral, Google Safe Browsing is clean, PhishTank
has no listing). I’m pursuing that with Cisco separately. Mentioning it here in
case Vercel has seen this pattern or has a channel to Cisco for domain reputation.
Has anyone else experienced partial edge TLS failures with Valid Configuration
showing in the dashboard? Any guidance appreciated.